Re: BUG #13449: Auto type cast (int -> numeric) non-reasonable, will case performance problem

Поиск
Список
Период
Сортировка
От Heikki Linnakangas
Тема Re: BUG #13449: Auto type cast (int -> numeric) non-reasonable, will case performance problem
Дата
Msg-id 55821E42.6040907@iki.fi
обсуждение исходный текст
Ответ на BUG #13449: Auto type cast (int -> numeric) non-reasonable, will case performance problem  (digoal@126.com)
Список pgsql-bugs
Дерево обсуждения 
On 06/16/2015 10:17 PM, digoal@126.com wrote:
> When i use an big digital, it auto convert to numeric. and there is no
> int&numeric operator, so left opr auto convert to numeric also.
> for exp:
> postgres=# create table t3(id int);
> CREATE TABLE
> postgres=# insert into t3 select generate_series(1,10000000);
> INSERT 0 10000000
> postgres=# create index idx_t3_id on t3(id);
> CREATE INDEX
> postgres=# explain analyze select * from t3 where
> id>999999999999999999999999999999999;
>                                                               QUERY PLAN
>
>
------------------------------------------------------------------------------------------------------------------------------------
>   Index Only Scan using idx_t3_id on t3  (cost=0.43..238213.43 rows=3333333
> width=4) (actual time=4052.914..4052.914 rows=0 loops=1)
>     Filter: ((id)::numeric > '999999999999999999999999999999999'::numeric)
>     Rows Removed by Filter: 10000000
>     Heap Fetches: 10000000
>   Planning time: 0.283 ms
>   Execution time: 4052.944 ms
> (6 rows)
>
> postgres=# explain analyze select * from t3 where
> id=999999999999999999999999999999999;
>                                                              QUERY PLAN
>
>
----------------------------------------------------------------------------------------------------------------------------------
>   Index Only Scan using idx_t3_id on t3  (cost=0.43..238213.43 rows=50000
> width=4) (actual time=3907.391..3907.391 rows=0 loops=1)
>     Filter: ((id)::numeric = '999999999999999999999999999999999'::numeric)
>     Rows Removed by Filter: 10000000
>     Heap Fetches: 10000000
>   Planning time: 0.103 ms
>   Execution time: 3907.421 ms
> (6 rows)
>
> I think ,this case, PostgreSQL should convert
> 999999999999999999999999999999999 to the same type with column id's type
> int. and raise error.
>
> there is some problem, user can use this to SQL injection attack or other
> things, Oops, Application has ability to filter the overflow digital, but i
> think PostgreSQL also has responsibility to prevent overflow occure.

The current behaviour seems perfectly fine to me. If you want to force a
specific datatype, you're better off passing the parameter out-of-line,
and specify the datatype explicitly. I don't see any security issue here.

- Heikki

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Michael Paquier
Дата:
Сообщение: Re: BUG #13448: DOC about : pg_dump use logical replication snapshot
Следующее
От: Guillaume Lelarge
Дата:
Сообщение: Re: BUG #13450: problem about applying point-in-time recovery