Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal
| От | Tom Lane |
|---|---|
| Тема | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |
| Дата | |
| Msg-id | 8865.991973165@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal (Peter Eisentraut <peter_e@gmx.net>) |
| Ответы |
Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole
- Solution Proposal
|
| Список | pgsql-hackers |
Peter Eisentraut <peter_e@gmx.net> writes:
> Since these functions will primarily be used in building a sort of
> information schema and for querying system catalogs, we should use the
> approach that is or will be used there: character type values contain the
> table name already case-adjusted.
Weren't you just arguing that such cases could/should use the OID, not
the name at all? ISTM the name-based variants will primarily be used
for user-entered names, and in that case the user can reasonably expect
that a name will be interpreted the same way as if he'd written it out
in a query.
The nextval approach is ugly, I'll grant you, but it's also functional.
We got complaints about nextval before we put that in; we get lots
fewer now.
regards, tom lane
В списке pgsql-hackers по дате отправления: