| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Joe Conway <joe(at)conway-family(dot)com>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |
| Date: | 2001-06-07 14:16:33 |
| Message-ID: | Pine.LNX.4.30.0106071607580.757-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Tom Lane writes:
> My feeling is that the name-based variants of has_table_privilege should
> perform downcasing and truncation of the supplied strings before trying
> to use them as tablename or username; see get_seq_name in
> backend/commands/sequence.c for a model.
I don't like this approach. It's ugly, non-intuitive, and inconvenient.
Since these functions will primarily be used in building a sort of
information schema and for querying system catalogs, we should use the
approach that is or will be used there: character type values contain the
table name already case-adjusted. Imagine the pain we would have to go
through to *re-quote* the names we get from the system catalogs and
information schema components before passing them to this function.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vince Vielhaber | 2001-06-07 14:23:51 | grant and SQL92 |
| Previous Message | Martín Marqués | 2001-06-07 13:56:29 | Rules and permissions on 7.1.2 (bug) |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-06-08 04:06:05 | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |
| Previous Message | Marko Kreen | 2001-06-07 13:10:45 | Re: take 2: show all / reset all |