| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Joe Conway <joe(at)conway-family(dot)com>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Fw: Isn't pg_statistic a security hole - Solution Proposal |
| Date: | 2001-06-02 15:04:05 |
| Message-ID: | 11903.991494245@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Will you expect the function to do dequoting etc. as well? This might get
> out of hand.
Hm. We already have such code available for nextval(), so I suppose
it might be appropriate to invoke that. Not sure. Might be better
to expect the given string to be the correct case already. Let's see
... if you expect the function to be applied to names extracted from
pg_class or other tables, then exact case would be better --- but it'd
be just as easy to invoke the OID form in such cases. For hand-entered
data the nextval convention is probably more convenient.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-06-02 16:35:42 | Re: Re: Interesting Atricle |
| Previous Message | Vince Vielhaber | 2001-06-02 14:59:20 | Re: Re: Interesting Atricle |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marko Kreen | 2001-06-02 15:14:04 | Re: show all; |
| Previous Message | Peter Eisentraut | 2001-06-02 14:49:11 | Re: Fw: Isn't pg_statistic a security hole - Solution Proposal |