Home > mailing lists

reuse sysids security hole? - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	reuse sysids security hole?
Date	August 12, 2003 14:37:32
Msg-id	3F38FB9F.5000304@dunslane.net Whole thread Raw
Responses	Re: reuse sysids security hole?
List	pgsql-hackers

Tree view

(Thought triggered by something Tom said the other day)

Is this a security hole? Looks like one to me. Would it be better to use 
a sequence generator for sysids instead of using max+1 on the user 
table? Or else store the last sysid used somewhere?

andrew

facetest=# create user blurfl;
CREATE USER
facetest=# create table blurfltable (a text, b text);
CREATE TABLE
facetest=# alter table blurfltable owner to blurfl;
ALTER TABLE
facetest=# drop user blurfl;
DROP USER
facetest=# create user floobl;
CREATE USER
facetest=# \dt blurfltable          List of relationsSchema |    Name     | Type  | Owner 
--------+-------------+-------+--------public | blurfltable | table | floobl
(1 row)

facetest=#

pgsql-hackers by date:

From: Jan Wieck
Date: 12 August 2003, 14:35:30
Subject: Re: Farewell

From: Gavin Sherry
Date: 12 August 2003, 14:43:06
Subject: Re: reuse sysids security hole?

reuse sysids security hole? - Mailing list pgsql-hackers

Previous

Next