Skip site navigation (1) Skip section navigation (2)

Re: Fw: Isn't pg_statistic a security hole - Solution Proposal

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Joe Conway <joe(at)conway-family(dot)com>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Fw: Isn't pg_statistic a security hole - Solution Proposal
Date: 2001-06-02 15:04:05
Message-ID: 11903.991494245@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches 
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Will you expect the function to do dequoting etc. as well?  This might get
> out of hand.

Hm.  We already have such code available for nextval(), so I suppose
it might be appropriate to invoke that.  Not sure.  Might be better
to expect the given string to be the correct case already.  Let's see
... if you expect the function to be applied to names extracted from
pg_class or other tables, then exact case would be better --- but it'd
be just as easy to invoke the OID form in such cases.  For hand-entered
data the nextval convention is probably more convenient.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2001-06-02 16:35:42
Subject: Re: Re: Interesting Atricle
Previous:From: Vince VielhaberDate: 2001-06-02 14:59:20
Subject: Re: Re: Interesting Atricle

pgsql-patches by date

Next:From: Marko KreenDate: 2001-06-02 15:14:04
Subject: Re: show all;
Previous:From: Peter EisentrautDate: 2001-06-02 14:49:11
Subject: Re: Fw: Isn't pg_statistic a security hole - Solution Proposal

Privacy Policy | About PostgreSQL
Copyright © 1996-2013 The PostgreSQL Global Development Group