Re: Insufficient attention to security in contrib (mostly) - Mailing list pgsql-hackers

From Gregory Stark
Subject Re: Insufficient attention to security in contrib (mostly)
Date
Msg-id 87bqctyf0i.fsf@oxford.xeocode.com
In response to Insufficient attention to security in contrib (mostly)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
"Tom Lane" <tgl@sss.pgh.pa.us> writes:

> Lastly, int4notin() and oidnotin() have no permission checking, which
> means you can find out whether specific values are or are not present
> in an int4 or oid column you shouldn't read.  This code is so old,
> crufty, and undocumented that I'm strongly inclined to remove it
> instead of fix it --- it really has no excuse to live when we support
> IN (sub-SELECT) constructs.
>
> Comments?

Wow, those are strange beasts.

--
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com

