Home > mailing lists

Re: [GENERAL] Security implications of (plpgsql) functions - Mailing list pgsql-hackers

From	Doug McNaught
Subject	Re: [GENERAL] Security implications of (plpgsql) functions
Date	October 21, 2002 15:27:51
Msg-id	m3smyzsqon.fsf@varsoon.wireboard.com Whole thread Raw
In response to	Re: [GENERAL] Security implications of (plpgsql) functions (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-hackers

Tree view

Joe Conway <mail@joeconway.com> writes:

> Tom Lane wrote:
> > A depth limit for PL-function recursion is perhaps feasible, but I can't
> > say that I care for it a whole lot ... anyone have better ideas?
> >
> 
> Is there any way to recognize infinite recursion by analyzing the
> saved execution tree -- i.e. can we assume that a function that calls
> itself, with the same arguments with which it was called, constitutes
> infinite recursion?

Solved the halting problem lately?  ;)

Someone determined to DoS could probably get around any practical
implementation of your idea, using dummy argument, mutual recursion or
whatever. 

-Doug

pgsql-hackers by date:

From: Doug McNaught
Date: 21 October 2002, 15:25:17
Subject: Re: Postgresql and multithreading

From: Tom Lane
Date: 21 October 2002, 15:40:57
Subject: Re: autocommit vs TRUNCATE et al

Re: [GENERAL] Security implications of (plpgsql) functions - Mailing list pgsql-hackers

Previous

Next