Is PQfn() insecure or not? - Mailing list pgsql-interfaces

From ljb
Subject Is PQfn() insecure or not?
Date
Msg-id autddu$2uri$1@news.hub.org
Whole thread Raw
Responses Re: Is PQfn() insecure or not?
List pgsql-interfaces
"Programmer's Guide, Client Interfaces, libpq, The Fast-Path Interface"
describes PQfn() and has this alarming remark:
 "This is a trapdoor into system internals and can be a potential  security hole."

Sure this isn't true. PQfn() just lets a frontend call a function which is
also accessible (if maybe not useful) via a SELECT statement, correct?  If
I'm right, we should remove the scary language from the documentation.  If
on the other hand PQfn() is a security hole, could someone post an exploit?


pgsql-interfaces by date:

Previous
From: Tom Lane
Date:
Subject: Re: PGLOG problem
Next
From: Tom Lane
Date:
Subject: Re: Is PQfn() insecure or not?