Home > mailing lists

Re: Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-patches

From	Tom Lane
Subject	Re: Fw: Isn't pg_statistic a security hole - Solution Proposal
Date	June 2, 2001 14:09:55
Msg-id	11903.991494245@sss.pgh.pa.us Whole thread Raw
In response to	Re: Fw: Isn't pg_statistic a security hole - Solution Proposal (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-patches

Tree view

Peter Eisentraut <peter_e@gmx.net> writes:
> Will you expect the function to do dequoting etc. as well?  This might get
> out of hand.

Hm.  We already have such code available for nextval(), so I suppose
it might be appropriate to invoke that.  Not sure.  Might be better
to expect the given string to be the correct case already.  Let's see
... if you expect the function to be applied to names extracted from
pg_class or other tables, then exact case would be better --- but it'd
be just as easy to invoke the OID form in such cases.  For hand-entered
data the nextval convention is probably more convenient.

            regards, tom lane

pgsql-patches by date:

From: Peter Eisentraut
Date: 02 June 2001, 13:48:19
Subject: Re: Fw: Isn't pg_statistic a security hole - Solution Proposal

From: Marko Kreen
Date: 02 June 2001, 14:13:48
Subject: Re: show all;

Re: Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-patches

Previous

Next