From:
Peter Eisentraut <peter_e(at)gmx(dot)net>
To:
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:
Joe Conway <joe(at)conway-family(dot)com>,
PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject:
Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution
Proposal
Date:
2001-06-03 15:18:20
Message-ID:
Pine.LNX.4.30.0106031703120.757-100000@peter.localdomain (view raw or flat )
Thread:
2001-06-01 06:31:51 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-01 15:04:10 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2001-06-01 17:18:07 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-01 22:33:30 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-02 22:14:41 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-02 23:26:12 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-03 03:22:44 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-09 22:15:54 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-09 22:18:33 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-09 22:20:32 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-02 14:49:11 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2001-06-02 15:04:05 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-03 15:18:20 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2001-06-03 17:17:21 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-06 21:45:57 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-06 22:10:00 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-07 05:09:05 from "Joe Conway" <joe(dot)conway(at)mail(dot)com>
2001-06-07 05:09:27 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-07 05:20:02 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-07 05:09:31 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-07 05:09:35 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-07 14:16:33 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2001-06-08 04:06:05 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-08 16:09:50 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2001-06-09 01:28:20 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-09 04:31:21 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-10 02:26:52 from "Joe Conway" <joe(at)conway-family(dot)com>
2001-06-12 01:44:53 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-12 01:45:31 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-12 02:32:14 from "Joe Conway" <joseph(dot)conway(at)home(dot)com>
2001-06-12 02:34:53 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-14 02:52:59 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-11 04:57:21 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-12 16:01:23 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2001-06-12 16:15:22 from Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
2001-06-13 17:22:01 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-13 21:14:38 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2001-06-14 01:19:52 from "Joe Conway" <joseph(dot)conway(at)home(dot)com>
2001-06-14 01:27:20 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2001-06-14 01:37:00 from "Joe Conway" <joseph(dot)conway(at)home(dot)com>
2001-06-14 01:40:55 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Lists:
pgsql-hackers pgsql-patches
[ -> hackers ]
Tom Lane writes:
> > Will you expect the function to do dequoting etc. as well? This might get
> > out of hand.
>
> Hm. We already have such code available for nextval(),
IMHO, nextval() isn't the greatest interface in the world. I do like the
alternative (deprecated?) syntax sequence.nextval() because of the
notational resemblence to OO. (We might even be able to turn this into
something like an SQL99 "class" feature.)
As I understand it, currently
relation.function(a, b, c)
ends up as being a function call
function(relation, a, b, c)
where the first argument is "text". This is probably an unnecessary
fragility, since the oid of the relation should already be known by that
time. So perhaps we could change this that the first argument gets passed
in an Oid. Then we'd really only need the Oid version of Joe's
has_*_privilege functions.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
In response to
Responses
pgsql-hackers by date
Next :From: Tom LaneDate: 2001-06-03 17:17:21Subject : Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal Previous :From : Joe ConwayDate : 2001-06-03 03:22:44Subject : Re: Fw: Isn't pg_statistic a security hole - Solution Proposal
pgsql-patches by date
Next :From: Tom LaneDate: 2001-06-03 17:17:21Subject : Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal Previous :From : Joe ConwayDate : 2001-06-03 03:22:44Subject : Re: Fw: Isn't pg_statistic a security hole - Solution Proposal
