Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a viewdefinition is unsafe

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Lars Olson <leolson1(at)uiuc(dot)edu>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a viewdefinition is unsafe
Date: 2008-03-31 22:22:47
Message-ID: 20080331222247.GI24048@alvh.no-ip.org
Lists: pgsql-bugs, pgsql-www
Dave Page wrote:
> On Mon, Mar 31, 2008 at 10:46 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >  If this were a security issue, you already spilled the beans by
> >  reporting it to a public mailing list; so I'm unsure what you are
> >  concerned about.
> 
> I'd wager that Lars didn't realise the bug form goes straight to the
> list. We should probably make that more clear.
> 
> On the other hand it does say to report security issues to security(at)(dot)(dot)(dot)

Let's have a checkbox "I am reporting a security issue" and send the
mail to security@ if checked.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
