Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal
От | Tom Lane |
---|---|
Тема | Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |
Дата | |
Msg-id | 24964.991588641@sss.pgh.pa.us обсуждение исходный текст |
Ответ на | Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal (Peter Eisentraut <peter_e@gmx.net>) |
Список | pgsql-hackers |
Peter Eisentraut <peter_e@gmx.net> writes: > IMHO, nextval() isn't the greatest interface in the world. I do like the > alternative (deprecated?) syntax sequence.nextval() because of the > notational resemblence to OO. Try "nonexistent". I too would like a notation like that, because it would be more transparent to the user w.r.t. case folding and such. But it doesn't exist now. Observe, however, that such a notation would work well only for queries in which the sequence/table name is fixed and known when the query is written. I don't see a way to use it in the case where the name is being computed at runtime (eg, taken from a table column). So it doesn't really solve the problem posed by has_table_privilege. > As I understand it, currently > relation.function(a, b, c) > ends up as being a function call > function(relation, a, b, c) > where the first argument is "text". Sorry, that has nothing to do with reality. What we actually have is an equivalence between the two notationsrel.funcfunc(rel) where the semantics are that an entire tuple of the relation "rel" is passed to the function. This doesn't really gain us anything for the problem at hand (and we'll quite likely have to give it up anyway when we implement schemas, since SQL has very different ideas about what a.b.c means than our current parser does). regards, tom lane
В списке pgsql-hackers по дате отправления: