Re: Early December Commitfest app release - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Early December Commitfest app release
Date
Msg-id CABUevEx=MvxutrwREiS=SaOHpeDjivfqDbvjfaq+iw5jaMwWhQ@mail.gmail.com
In response to Re: Early December Commitfest app release  (Jacob Champion <jacob.champion@enterprisedb.com>)
Responses Re: Early December Commitfest app release
List pgsql-hackers

On Wed, Nov 12, 2025, 22:48 Jacob Champion <jacob.champion@enterprisedb.com> wrote:
> On Tue, Nov 11, 2025 at 2:12 AM Jelte Fennema-Nio <me@jeltef.nl> wrote:
> > 3. Make user dropdowns searchable when not logged in
>
> Adding Magnus -- Magnus, do you remember the rationale for re-adding
> this protection back in 6ff8c6a52? Does it still apply?


Yes, IIRC we had security complaints about people being able to enumerate all users without being logged in. Since it's not just users who submitted any data, it was enough to have just clicked a link once...

If it was restricted to only show those that had actually submitted into it would've probably been considered OK - but at the time it was not considered to be worth the effort to split those up. 


/Magnus 
