reuse sysids security hole? - Mailing list pgsql-hackers

From Andrew Dunstan
Subject reuse sysids security hole?
Date
Msg-id 3F38FB9F.5000304@dunslane.net
Whole thread Raw
Responses Re: reuse sysids security hole?
List pgsql-hackers
(Thought triggered by something Tom said the other day)

Is this a security hole? Looks like one to me. Would it be better to use 
a sequence generator for sysids instead of using max+1 on the user 
table? Or else store the last sysid used somewhere?

andrew

facetest=# create user blurfl;
CREATE USER
facetest=# create table blurfltable (a text, b text);
CREATE TABLE
facetest=# alter table blurfltable owner to blurfl;
ALTER TABLE
facetest=# drop user blurfl;
DROP USER
facetest=# create user floobl;
CREATE USER
facetest=# \dt blurfltable          List of relationsSchema |    Name     | Type  | Owner 
--------+-------------+-------+--------public | blurfltable | table | floobl
(1 row)

facetest=#



pgsql-hackers by date:

Previous
From: Jan Wieck
Date:
Subject: Re: Farewell
Next
From: Gavin Sherry
Date:
Subject: Re: reuse sysids security hole?