Re: [PATCHES] createdb/dropdb fixes
От | Peter Eisentraut |
---|---|
Тема | Re: [PATCHES] createdb/dropdb fixes |
Дата | |
Msg-id | Pine.LNX.4.20.9912142039400.388-100000@localhost.localdomain обсуждение исходный текст |
Ответ на | Re: [PATCHES] createdb/dropdb fixes (Thomas Lockhart <lockhart@alumni.caltech.edu>) |
Ответы |
Re: [HACKERS] Re: [PATCHES] createdb/dropdb fixes
|
Список | pgsql-hackers |
On 1999-12-14, Thomas Lockhart mentioned: > That seems to be a bit heavy handed; why bother disallowing things in > the backend because some (small number of) shell-based tools have > trouble as clients? I'd prefer filtering that at the client end, and It's really about statements like this: snprintf(buf, sizeof(buf), "rm -rf '%s'", path); There is no way around disallowing single-quotes unless you double quote the argument and be very careful with the escaping. Of course this particular case might as well use unlink(), but there is a recursive copy of the template1 dir which would take a little more work (opendir(), etc.). At that point we could lift that restriction. > permissions. I haven't looked at the code in a long time, but was > thinking about recoding ACLs as a two-field type to enforce an > unambigous interpretation of the two fields. Interested?? I've been puzzled about this for a long time, is there a reason this is stored as an array at all? Why not use tuples likeaclperm char?aclrelation oidaclentity oid /* user or groupsysid */aclisgroup bool /* is it a user or group? */ And then it looks like this: aclperm|aclrel|acluser|aclisgroup -------+------+-------+---------- R |177777| 100|f W |177777| 100|f R |177777| 120|f R |188888| 5|t That's much cleaner. GRANT and REVOKE would be reduced to simple insert/delete equivalents. I'm not sure how the actual authentication code would like that overheadwise, though. A related issue is pg_group, which I'm currently working on. Those arrays are killing me. A simple user/group associating relation would be much nicer. -- Peter Eisentraut Sernanders väg 10:115 peter_e@gmx.net 75262 Uppsala http://yi.org/peter-e/ Sweden
В списке pgsql-hackers по дате отправления: