Skip site navigation (1) Skip section navigation (2)

Is PQfn() insecure or not?

From: ljb <lbayuk(at)mindspring(dot)com>
To: pgsql-interfaces(at)postgresql(dot)org
Subject: Is PQfn() insecure or not?
Date: 2003-01-01 00:40:31
Message-ID: autddu$2uri$1@news.hub.org (view raw or flat)
Thread:
Lists: pgsql-interfaces
"Programmer's Guide, Client Interfaces, libpq, The Fast-Path Interface"
describes PQfn() and has this alarming remark:

  "This is a trapdoor into system internals and can be a potential
   security hole."

Sure this isn't true. PQfn() just lets a frontend call a function which is
also accessible (if maybe not useful) via a SELECT statement, correct?  If
I'm right, we should remove the scary language from the documentation.  If
on the other hand PQfn() is a security hole, could someone post an exploit?

Responses

pgsql-interfaces by date

Next:From: Tom LaneDate: 2003-01-01 19:22:49
Subject: Re: Is PQfn() insecure or not?
Previous:From: Tom LaneDate: 2002-12-31 17:16:35
Subject: Re: PGLOG problem

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group