Skip site navigation (1) Skip section navigation (2)

Re: Fw: Isn't pg_statistic a security hole - Solution Proposal

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Joe Conway <joe(at)conway-family(dot)com>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Fw: Isn't pg_statistic a security hole - Solution Proposal
Date: 2001-06-01 17:18:07
Message-ID: 3361.991415887@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> This is probably going to blow up when we have the said schema support.
> Probably better to reference things by oid.

Two versions, one that takes an oid and one that takes a name, might be
convenient.  The name version will probably have to accept qualified
names (schema.table) once we have schema support --- but I don't think
that needs to break the function definition.  An unqualified name would
be looked up using whatever schema resolution rules would be in effect
for ordinary table references.

We might also want the user to be specified by usesysid rather than
name; and a two-parameter form that assumes user == current_user would
be a particularly useful shorthand.

> Also, since things other than
> relations might have privileges sometime, the function name should
> probably imply this; maybe "has_table_privilege".

Agreed.

> * I'm not sure whether it's useful to handle NULL parameters explicitly.
>   The common approach is to return NULL, which would be semantically right
>   for this function.

The standard approach for C-coded functions is to mark them
'proisstrict' in pg_proc, and then not waste any code checking for NULL;
the function manager takes care of it for you.  The only reason not to
do it that way is if you actually want to return non-NULL for (some
cases with) NULL inputs.  Offhand this looks like a strict function to
me...

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Matthew T. O'ConnorDate: 2001-06-01 17:32:46
Subject: Interesting Atricle
Previous:From: Ian Lance TaylorDate: 2001-06-01 17:13:50
Subject: Re: Re: Support for %TYPE in CREATE FUNCTION

pgsql-patches by date

Next:From: Marko KreenDate: 2001-06-01 19:52:42
Subject: unary plus
Previous:From: Ian Lance TaylorDate: 2001-06-01 17:13:50
Subject: Re: Re: Support for %TYPE in CREATE FUNCTION

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group