"Programmer's Guide, Client Interfaces, libpq, The Fast-Path Interface"
describes PQfn() and has this alarming remark:
"This is a trapdoor into system internals and can be a potential
Surely this isn't true. PQfn() just lets a frontend call a function which is
also accessible (if maybe not useful) via a SELECT statement, correct? If
I'm right, we should remove the scary language from the documentation. If
on the other hand PQfn() is a security hole, could someone post an exploit?