| From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Plans for 9.1, Grouping Sets, disabling multiqueries, contrib module for string, plpgpsm, preload dictionaries |
| Date: | 2010-02-21 10:00:29 |
| Message-ID: | 162867791002210200k2e42ffc0q4506438785ad751a@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello,
* Now I am working on migration of plpgpsm to plpgsql 9.0 base. I hope
so I understand SQL/PSM well so I am able to write production quality
implementation. If you like, I can integrate it to core. It can share
about 40-50% code with plpgpsm. The behave of plpgpsm is same as
plpgsql - without some plpgsql's historical issues (about FOUND, about
NULL and record type). SQL/PSM is litlle bit richer language. Now we
have not any wide used runtime so I don't thinking about rewriting.
Maybe we can rewrite these PL language for parrot or lua runtime in
future. But this step isn't necessary - people hasn't performance
problems with PL based on PL runtime.
* Month ago there was discussion about integration sprintf function to
core. I don't think it is good idea. sprintf implementation isn't
simple. I prefer more simple "format" function based on RAISE NOTICE
... behave and code. It is significantly shorter and simpler. But for
people who like sprintf we can prepare some contrib module with basic
string functions - sprintf, left, right, reverse. This module can be
based on cleaned pstcollection -
http://pgfoundry.org/frs/download.php/2556/pstcoll-100127.tar.gz.
* Last two months I spent some time with preparing workshops about SQL
injection. PostgreSQL has only one issue related to this topic. It
allows multi queries. With this feature any successful injection can
have much more destructive impact. Now we have a GUC per user. I know,
we cannot break multiqueries without breaking basic functionality. But
we can break multiple queries on top level for some selected users -
(web application roles). Then we are able to configure database for
"secure web access". >>It isn't protection against SQL injection<<.
But it can down up possible risk about successful SQL injection. +
downgrade rights on system tables for web application roles.
* I would to like solve problem with fulltext reported by Czech users.
I will try implement preloaded TSearch dictionaries.
* Still I thinking about GROUPING SETS feature.
Regards
Pavel Stehule
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2010-02-21 11:43:57 | getting to beta |
| Previous Message | Dimitri Fontaine | 2010-02-21 09:38:29 | Re: parallelizing subplan execution |