Michel Pelletier <pelletier.michel@gmail.com> writes:
> In my extension pgsodium I'm defining a custom variable at startup to store
> a key:
> https://github.com/michelp/pgsodium/blob/master/src/pgsodium.c#L1107
> I'm using the flags GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE
> | GUC_DISALLOW_IN_FILE, and a custom "no show" show hook that obscures the
> value. This idea was inspired from the pgcryptokey module from Bruce
> Momjian.

I guess I'm wondering why you're making it a GUC at all, if you don't
want any of the GUC facilities to apply.

As far as I can think at the moment, putting in a no-op show hook
is sufficient to prevent the value from being seen at the SQL level.
However, it's far from clear that doing that isn't going to have
negative side-effects; it'll possibly also break other things like
GUC save/restore (eg rolling back when a transaction fails).

It seems like if you want to be this paranoid, you'd be better off
not exposing the variable to the GUC machinery in the first place.
You could use a custom set-function (like setseed) to replace the one
bit of functionality you do want.

regards, tom lane