Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe

Поиск
Список
Период
Сортировка
От Alvaro Herrera
Тема Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
Дата
Msg-id 20080331222247.GI24048@alvh.no-ip.org
обсуждение исходный текст
Ответ на Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe  ("Dave Page" <dpage@pgadmin.org>)
Список pgsql-bugs
Дерево обсуждения 
Dave Page wrote:
> On Mon, Mar 31, 2008 at 10:46 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >  If this were a security issue, you already spilled the beans by
> >  reporting it to a public mailing list; so I'm unsure what you are
> >  concerned about.
>
> I'd wager that Lars didn't realise the bug form goes straight to the
> list. We should probably make that more clear.
>
> On the other hand it does say to report security issues to security@...

Let's have a checkbox "I am reporting a security issue" and send the
mail to security@ if checked.

--
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

В списке pgsql-bugs по дате отправления:

Предыдущее
От: "Dave Page"
Дата:
Сообщение: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
Следующее
От: "Lars E. Olson"
Дата:
Сообщение: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe