| From: | Philip Warner <pjw(at)rhyme(dot)com(dot)au> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg_largeobject is a security hole |
| Date: | 2001-06-27 23:54:14 |
| Message-ID: | 3.0.5.32.20010628095414.03614100@mail.rhyme.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At 19:49 27/06/01 -0400, Tom Lane wrote:
>
>Hmm. [sound of grepping] So does psql's \lo_list command. That's
>annoying ... the list of large object OIDs is *exactly* what you'd want
>to hide from the unwashed masses. Oh well, I'll leave bad enough alone
>for now.
>
I suspect this would be cleaned up when/if we implement LOB LOCATORs: they
have a limited lifetime, should be the only way to retrieve LOBs, and could
hide the underlying OID (which would never be used by external interfaces).
----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.B.N. 75 008 659 498) | /(@) ______---_
Tel: (+61) 0500 83 82 81 | _________ \
Fax: (+61) 0500 83 82 82 | ___________ |
Http://www.rhyme.com.au | / \|
| --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alex Pilosov | 2001-06-28 00:10:12 | Re: functions returning records |
| Previous Message | Tom Lane | 2001-06-27 23:49:26 | Re: pg_largeobject is a security hole |