| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "qiumingcheng" <qiumingcheng(at)aliyun(dot)com> |
| Cc: | "Laurenz Albe" <laurenz(dot)albe(at)cybertec(dot)at>, "Julien Rouhaud" <rjuju123(at)gmail(dot)com>, "pgsql-general" <pgsql-general(at)lists(dot)postgresql(dot)org>, "yuexingzhi" <yuexingzhi(at)hotmail(dot)com> |
| Subject: | Re: 回复:回复:回复:回复:A question about leakproof |
| Date: | 2022-10-17 16:27:39 |
| Message-ID: | 2336717.1666024059@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"qiumingcheng" <qiumingcheng(at)aliyun(dot)com> writes:
> Yes, It's capable of throwing an error(timestamp out of range) , but the
> message "timestamp out of range" is not sensitive information.
Really? Whether that's true at all is a matter of opinion. There's
also the prospect that somebody could determine the value of a
supposedly-unreadable timestamp by seeing how big an interval could
be added to it without overflow. Maybe that's infeasible because of
timestamp_pl_interval not being marked leakproof, but then we're
getting into precisely the sort of conditional-on-other-assumptions
reasoning that we don't want to indulge in.
> Only from this function(timestamp_gt_timestamptz), can it be marked as leakproof?
Project policy is that we will not mark a function as leakproof unless
it's evident from the text of the function that it can't throw errors.
I don't see a good argument for making a exception for this one.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | qiumingcheng | 2022-10-18 00:17:44 | 回复:回复:回复:回复:回复:A question about leakproof |
| Previous Message | qiumingcheng | 2022-10-17 15:47:19 | 回复:回复:回复:回复:A question about leakproof |