Home > mailing lists

Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe - Mailing list pgsql-bugs

From	Alvaro Herrera
Subject	Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
Date	March 31, 2008 22:23:25
Msg-id	20080331222247.GI24048@alvh.no-ip.org Whole thread Raw
In response to	Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe ("Dave Page" <dpage@pgadmin.org>)
List	pgsql-bugs

Tree view

Dave Page wrote:
> On Mon, Mar 31, 2008 at 10:46 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >  If this were a security issue, you already spilled the beans by
> >  reporting it to a public mailing list; so I'm unsure what you are
> >  concerned about.
>
> I'd wager that Lars didn't realise the bug form goes straight to the
> list. We should probably make that more clear.
>
> On the other hand it does say to report security issues to security@...

Let's have a checkbox "I am reporting a security issue" and send the
mail to security@ if checked.

--
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

pgsql-bugs by date:

From: "Dave Page"
Date: 31 March 2008, 22:04:54
Subject: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe

From: "Lars E. Olson"
Date: 31 March 2008, 22:36:39
Subject: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe

Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe - Mailing list pgsql-bugs

Previous

Next