Skip site navigation (1) Skip section navigation (2)

Re: pg_largeobject is a security hole

From: Philip Warner <pjw(at)rhyme(dot)com(dot)au>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: pg_largeobject is a security hole
Date: 2001-06-27 23:54:14
Message-ID: 3.0.5.32.20010628095414.03614100@mail.rhyme.com.au (view raw or flat)
Thread:
Lists: pgsql-hackers
At 19:49 27/06/01 -0400, Tom Lane wrote:
>
>Hmm.  [sound of grepping]  So does psql's \lo_list command.  That's
>annoying ... the list of large object OIDs is *exactly* what you'd want
>to hide from the unwashed masses.  Oh well, I'll leave bad enough alone
>for now.
>

I suspect this would be cleaned up when/if we implement LOB LOCATORs: they
have a limited lifetime, should be the only way to retrieve LOBs, and could
hide the underlying OID (which would never be used by external interfaces).


----------------------------------------------------------------
Philip Warner                    |     __---_____
Albatross Consulting Pty. Ltd.   |----/       -  \
(A.B.N. 75 008 659 498)          |          /(@)   ______---_
Tel: (+61) 0500 83 82 81         |                 _________  \
Fax: (+61) 0500 83 82 82         |                 ___________ |
Http://www.rhyme.com.au          |                /           \|
                                 |    --________--
PGP key available upon request,  |  /
and from pgp5.ai.mit.edu:11371   |/

In response to

pgsql-hackers by date

Next:From: Alex PilosovDate: 2001-06-28 00:10:12
Subject: Re: functions returning records
Previous:From: Tom LaneDate: 2001-06-27 23:49:26
Subject: Re: pg_largeobject is a security hole

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group