Re: [Pljava-dev] Re: Should creating a new base type require superuser status? - Mailing list pgsql-hackers
| From | Kris Jurka |
|---|---|
| Subject | Re: [Pljava-dev] Re: Should creating a new base type require superuser status? |
| Date | |
| Msg-id | 499BBA18.2000309@ejurka.com Whole thread Raw |
| In response to | Re: [Pljava-dev] Re: Should creating a new base type require superuser status? (Thomas Hallgren <thomas@tada.se>) |
| Responses |
Re: [Pljava-dev] Re: Should creating a new base type require
superuser status?
(Thomas Hallgren <thomas@tada.se>)
|
| List | pgsql-hackers |
Thomas Hallgren wrote:
> Kris Jurka wrote:
>>
>> 3) By value: pljava does not correctly handle passed by value types
>> correctly, allowing access to random memory.
>>
> This is simply not true. There's no way a Java developer can access
> random memory through PL/Java.
No, the point is that the Java developer can provide some data which can
convince postgresql to fetch random data for the user.
Consider the attached type which is simply an int4 equivalent.
Depending on how you define it as passed by value or passed by reference
it will or will not work (attached).
This looks like it works:
jurka=# select '1'::intbyref, '2'::intbyval;
intbyref | intbyval
----------+----------
1 | 2
(1 row)
But it doesn't really:
jurka=# create table inttest (a intbyref, b intbyval);
CREATE TABLE
jurka=# insert into inttest values ('1', '2');
INSERT 0 1
jurka=# select * from inttest;
a | b
---+------------
1 | 2139062143
(1 row)
You can also get:
jurka=# select * from inttest;
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
Kris Jurka
package types;
import java.io.IOException;
import java.sql.SQLData;
import java.sql.SQLException;
import java.sql.SQLInput;
import java.sql.SQLOutput;
import java.util.logging.Logger;
public class Int implements SQLData
{
private static Logger s_logger = Logger.getAnonymousLogger();
private int m_i;
private String m_typeName;
public static Int parse(String input, String typeName) throws SQLException
{
try
{
int i = Integer.parseInt(input);
return new Int(i, typeName);
}
catch(NumberFormatException e)
{
throw new SQLException(e.getMessage());
}
}
public Int()
{
}
public Int(int i, String typeName)
{
m_i = i;
m_typeName = typeName;
}
public String getSQLTypeName()
{
return m_typeName;
}
public void readSQL(SQLInput stream, String typeName) throws SQLException
{
s_logger.info(typeName + " from SQLInput");
m_i = stream.readInt();
m_typeName = typeName;
}
public void writeSQL(SQLOutput stream) throws SQLException
{
s_logger.info(m_typeName + " to SQLOutput");
stream.writeInt(m_i);
}
public String toString()
{
s_logger.info(m_typeName + " toString");
return Integer.toString(m_i);
}
}
CREATE TYPE intbyval;
CREATE FUNCTION intbyval_in(cstring)
RETURNS intbyval
AS 'UDT[types.Int] input'
LANGUAGE java IMMUTABLE STRICT;
CREATE FUNCTION intbyval_out(intbyval)
RETURNS cstring
AS 'UDT[types.Int] output'
LANGUAGE java IMMUTABLE STRICT;
CREATE FUNCTION intbyval_recv(internal)
RETURNS intbyval
AS 'UDT[types.Int] receive'
LANGUAGE java IMMUTABLE STRICT;
CREATE FUNCTION intbyval_send(intbyval)
RETURNS bytea
AS 'UDT[types.Int] send'
LANGUAGE java IMMUTABLE STRICT;
CREATE TYPE intbyval (
internallength = 4,
input = intbyval_in,
output = intbyval_out,
receive = intbyval_recv,
send = intbyval_send,
passedbyvalue
);
CREATE TYPE intbyref;
CREATE FUNCTION intbyref_in(cstring)
RETURNS intbyref
AS 'UDT[types.Int] input'
LANGUAGE java IMMUTABLE STRICT;
CREATE FUNCTION intbyref_out(intbyref)
RETURNS cstring
AS 'UDT[types.Int] output'
LANGUAGE java IMMUTABLE STRICT;
CREATE FUNCTION intbyref_recv(internal)
RETURNS intbyref
AS 'UDT[types.Int] receive'
LANGUAGE java IMMUTABLE STRICT;
CREATE FUNCTION intbyref_send(intbyref)
RETURNS bytea
AS 'UDT[types.Int] send'
LANGUAGE java IMMUTABLE STRICT;
CREATE TYPE intbyref (
internallength = 4,
input = intbyref_in,
output = intbyref_out,
receive = intbyref_recv,
send = intbyref_send
);
pgsql-hackers by date: