
Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Joe Conway <joe(at)conway-family(dot)com>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal
Date: 2001-06-03 17:17:21
Message-ID: 24964.991588641@sss.pgh.pa.us
Lists: pgsql-hackers, pgsql-patches

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> IMHO, nextval() isn't the greatest interface in the world.  I do like the
> alternative (deprecated?) syntax sequence.nextval() because of the
> notational resemblance to OO.

Try "nonexistent".  I too would like a notation like that, because it
would be more transparent to the user w.r.t. case folding and such.
But it doesn't exist now.

Observe, however, that such a notation would work well only for queries
in which the sequence/table name is fixed and known when the query is
written.  I don't see a way to use it in the case where the name is
being computed at runtime (eg, taken from a table column).  So it
doesn't really solve the problem posed by has_table_privilege.

> As I understand it, currently
>     relation.function(a, b, c)
> ends up as being a function call
>     function(relation, a, b, c)
> where the first argument is "text".

Sorry, that has nothing to do with reality.  What we actually have is
an equivalence between the two notations
	rel.func
	func(rel)
where the semantics are that an entire tuple of the relation "rel" is
passed to the function.  This doesn't really gain us anything for the
problem at hand (and we'll quite likely have to give it up anyway when
we implement schemas, since SQL has very different ideas about what
a.b.c means than our current parser does).

			regards, tom lane
