Not per se, but it might just as well be that you share the database with several other applications, which might do DDL. Fully qualifying all identifiers is the easiest way to guarantee that you don't have negative dependencies to worry about (i.e. depending on the non-existance of some identifier in a certain schema); the issue will most likely happen only when a) an adversary gets CREATE TYPES access to the database, or when you use custom types and a name that's in use starts to be shadowed.
Examples:
CREATE DOMAIN "bigint" AS pg_catalog.text;
CREATE TYPE "text" AS ENUM ();
Though, in all earnesty, this is also an issue with custom operators:
I am not sure at the moment but don‘t you need superuser access to create operators? In that case not „any application“ could make your application faulty.
mattashii|4 years ago
Not per se, but it might just as well be that you share the database with several other applications, which might do DDL. Fully qualifying all identifiers is the easiest way to guarantee that you don't have negative dependencies to worry about (i.e. depending on the non-existance of some identifier in a certain schema); the issue will most likely happen only when a) an adversary gets CREATE TYPES access to the database, or when you use custom types and a name that's in use starts to be shadowed.
Examples:
CREATE DOMAIN "bigint" AS pg_catalog.text;
CREATE TYPE "text" AS ENUM ();
Though, in all earnesty, this is also an issue with custom operators:
CREATE OPERATOR = (function = always_false, left_arg = int, right_arg = int);
You can schema-qualify operators ( Col1 OPERATOR(pg_catalog.=) Col2 ), but in doing that you lose operator precedence.
ttymck|4 years ago
tpetry|4 years ago