Home > mailing lists

Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal
Date	June 8, 2001 03:07:36
Msg-id	8865.991973165@sss.pgh.pa.us Whole thread Raw
In response to	Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

Peter Eisentraut <peter_e@gmx.net> writes:
> Since these functions will primarily be used in building a sort of
> information schema and for querying system catalogs, we should use the
> approach that is or will be used there:  character type values contain the
> table name already case-adjusted.

Weren't you just arguing that such cases could/should use the OID, not
the name at all?  ISTM the name-based variants will primarily be used
for user-entered names, and in that case the user can reasonably expect
that a name will be interpreted the same way as if he'd written it out
in a query.

The nextval approach is ugly, I'll grant you, but it's also functional.
We got complaints about nextval before we put that in; we get lots
fewer now.
        regards, tom lane

pgsql-hackers by date:

From: Stephan Szabo
Date: 07 June 2001, 20:20:53
Subject: Re: AW: Re: [SQL] behavior of ' = NULL' vs. MySQL vs. Stand ards

From: "Mark Pritchard"
Date: 08 June 2001, 03:35:41
Subject: PostgreSQL and replication

Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-hackers

Previous

Next