Ignore missing UDR libraries during restore #7168
Comments
|
UDFs without their libraries, at least in recent versions, are allowed to be created even in the normal use (outside restore). Should we do the same for UDRs? |
|
Do we check for parameters match when create UDR? |
Please elaborate. |
|
With UDF we have absolutely no ways to check for parameters match (and this is what a lot related vulnerabilities are using). If some of that checks are performed at create time then adding UDR without the library seems to be bad idea, otherwise - why not. |
|
UDR may accept metadata defined structure in its message or change it (its message). At this time, if UDR does not reject (throwing), incompatible message conversion may be created. Error will happen in runtime. We can make this better. Now when creating UDR (via DDL or restore), it loads metadata and error about undefined library happens. If we make it relaxed as UDF it may be worse as user error will be deferred to execution. But as external engines is layered it seems difficult to at DDL creation only accept error about undefined library. So it looks like to better just allow every type of error in creation via restore (not loading UDR metadata) and maintain DDL metadata loading which may detect error sooner. |
We have this supported for UDFs since the first FB versions and it's quite handy, especially for developers/supporters dealing with user databases. It's not working for UDRs though, error is thrown during restore ("UDR module not loaded"). It would be nice to be able to restore such databases, with nullified module/node pointers and re-validate them before execution, similarly to how it's done for UDFs.
The text was updated successfully, but these errors were encountered: