Re: [GENERAL] Security implications of (plpgsql) functions
From | Robert Treat |
---|---|
Subject | Re: [GENERAL] Security implications of (plpgsql) functions |
Date | |
Msg-id | 1035224267.3750.10.camel@camel |
In response to | Re: [GENERAL] Security implications of (plpgsql) functions (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |

I've seen the idea of "user resource limits" bandied about before as a
way to address these problems; depending on implementation that might be
the way to go.

Robert Treat

On Mon, 2002-10-21 at 12:44, Tom Lane wrote:
> Joe Conway <mail@joeconway.com> writes:
> > Is there any way to recognize infinite recursion by analyzing the saved
> > execution tree -- i.e. can we assume that a function that calls itself, with
> > the same arguments with which it was called, constitutes infinite recursion?
>
> A bulletproof solution would be equivalent to solving the halting
> problem, I believe. The test you mentioned is easily defeated by
> recursing between two functions. Also, a would-be instigator of
> DOS doesn't need *infinite* recursion; it could be quite finite and
> still blow out your stack. For example ask for factorial(10million)
> where factorial is defined in the traditional recursive way...
>
> regards, tom lane
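
The two approaches discussed in the message above, as an added example that is not part of the original thread or of PostgreSQL: a toy call dispatcher (all names hypothetical) that compares the same-arguments self-call test with a plain call-depth limit, one simple form of resource limit. Python's own recursion limit stands in for the backend's stack.

```python
# Added illustration: toy dispatcher, hypothetical names, not PostgreSQL code.
class Rejected(Exception):
    pass

class Guard:
    def __init__(self, same_args_check=False, max_depth=None):
        self.same_args_check = same_args_check
        self.max_depth = max_depth
        self.stack = []  # active (function name, args) frames

    def call(self, fn, *args):
        frame = (fn.__name__, args)
        # Test from the thread: function calls itself with the same arguments.
        if self.same_args_check and self.stack and self.stack[-1] == frame:
            raise Rejected("same-args self call")
        # Resource limit: bound call depth whatever is being called.
        if self.max_depth is not None and len(self.stack) >= self.max_depth:
            raise Rejected("depth limit reached")
        self.stack.append(frame)
        try:
            return fn(self, *args)
        finally:
            self.stack.pop()

def loop_self(g, n):   # direct self-recursion, same argument
    return g.call(loop_self, n)

def ping(g, n):        # recursion between two functions, same argument
    return g.call(pong, n)

def pong(g, n):
    return g.call(ping, n)

def factorial(g, n):   # finite recursion, argument changes on every call
    return 1 if n <= 1 else n * g.call(factorial, n - 1)

def outcome(guard, fn, arg):
    """Return fn's result, or a string saying what stopped the call."""
    try:
        return guard.call(fn, arg)
    except Rejected as e:
        return "rejected: %s" % e
    except RecursionError:
        return "stack exhausted"

if __name__ == "__main__":
    for fn, arg in ((loop_self, 1), (ping, 1), (factorial, 10**7)):
        print(fn.__name__, outcome(Guard(same_args_check=True), fn, arg),
              outcome(Guard(max_depth=64), fn, arg), sep=" | ")
```

The same-arguments test stops only the direct self-call; the depth limit stops all three patterns while still letting a shallow `factorial` call finish.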