Home > mailing lists

Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal
Date	June 8, 2001 15:19:10
Msg-id	Pine.LNX.4.30.0106081806240.757-100000@peter.localdomain Whole thread Raw
In response to	Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane writes:

> Weren't you just arguing that such cases could/should use the OID, not
> the name at all?

Yes, but if we're going to have name arguments, we should have sane ones.

> ISTM the name-based variants will primarily be used for user-entered
> names, and in that case the user can reasonably expect that a name
> will be interpreted the same way as if he'd written it out in a query.

That would be correct if the user were actually entering the name in the
same way, i.e., unquoted or double-quoted.

> The nextval approach is ugly, I'll grant you, but it's also functional.

But it's incompatible with the SQL conventions.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter

pgsql-hackers by date:

From: Thomas Lockhart
Date: 08 June 2001, 14:52:20
Subject: Re: AW: Re: [SQL] behavior of ' = NULL' vs. MySQL vs. Stand ards

From: Thomas Lockhart
Date: 08 June 2001, 15:41:55
Subject: Re: AW: Re: [SQL] behavior of ' = NULL' vs. MySQL vs. Stand ards

Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal - Mailing list pgsql-hackers

Previous

Next