Home > mailing lists

Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal
Date	June 3, 2001 14:17:48
Msg-id	Pine.LNX.4.30.0106031703120.757-100000@peter.localdomain Whole thread Raw
Responses	Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

[ -> hackers ]

Tom Lane writes:

> > Will you expect the function to do dequoting etc. as well?  This might get
> > out of hand.
>
> Hm.  We already have such code available for nextval(),

IMHO, nextval() isn't the greatest interface in the world.  I do like the
alternative (deprecated?) syntax sequence.nextval() because of the
notational resemblence to OO.  (We might even be able to turn this into
something like an SQL99 "class" feature.)

As I understand it, currently
   relation.function(a, b, c)

ends up as being a function call
   function(relation, a, b, c)

where the first argument is "text".  This is probably an unnecessary
fragility, since the oid of the relation should already be known by that
time.  So perhaps we could change this that the first argument gets passed
in an Oid.  Then we'd really only need the Oid version of Joe's
has_*_privilege functions.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter

pgsql-hackers by date:

From: Gavin Sherry
Date: 03 June 2001, 01:04:11
Subject: Re: Full text searching, anyone interested?

From: Tom Lane
Date: 03 June 2001, 16:17:36
Subject: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal

Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-hackers

Previous

Next