Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal
From | Peter Eisentraut |
---|---|
Subject | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |
Date | |
Msg-id | Pine.LNX.4.30.0106071607580.757-100000@peter.localdomain |
In response to | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |
List | pgsql-hackers |
Tom Lane writes:

> My feeling is that the name-based variants of has_table_privilege should
> perform downcasing and truncation of the supplied strings before trying
> to use them as tablename or username; see get_seq_name in
> backend/commands/sequence.c for a model.

I don't like this approach. It's ugly, non-intuitive, and inconvenient.

Since these functions will primarily be used in building a sort of information schema and for querying system catalogs, we should use the approach that is or will be used there: character type values contain the table name already case-adjusted.

Imagine the pain we would have to go through to *re-quote* the names we get from the system catalogs and information schema components before passing them to this function.

--
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter
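Added example, not part of the original message or of the PostgreSQL source: a Python model of the two name-handling conventions discussed in this message, run over a constructed catalog in which two tables differ only in case. The function names, the ACL dictionary and the 31-character limit are assumptions for illustration, and the folding variant is assumed to preserve case for double-quoted input, which is what makes re-quoting necessary.

```python
# Constructed catalog: two distinct tables whose names differ only in case,
# stored the way a system catalog holds them (already case-adjusted).
CATALOG_ACL = {
    "orders": {"alice"},   # created as: CREATE TABLE orders ...
    "Orders": set(),       # created as: CREATE TABLE "Orders" ...
}
MAX_NAME_LEN = 31  # assumed identifier length limit, for illustration only


def fold_like_sql(text):
    """Treat the argument like identifier text typed in a query."""
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        name = text[1:-1].replace('""', '"')   # quoted: keep case
    else:
        name = text.lower()                    # unquoted: downcase
    return name[:MAX_NAME_LEN]                 # truncate to the limit


def has_select_folding(user, table_text):
    """Hypothetical variant that downcases and truncates its argument."""
    return user in CATALOG_ACL.get(fold_like_sql(table_text), set())


def has_select_exact(user, table_name):
    """Hypothetical variant that takes the name exactly as stored."""
    return user in CATALOG_ACL.get(table_name, set())


def requote(name):
    """What a caller of the folding variant must do to catalog names."""
    return '"' + name.replace('"', '""') + '"'


def report(user):
    """Check every catalog name three ways: raw, re-quoted, exact."""
    rows = []
    for name in CATALOG_ACL:  # names as read back from the catalog
        rows.append((name,
                     has_select_folding(user, name),
                     has_select_folding(user, requote(name)),
                     has_select_exact(user, name)))
    return rows


if __name__ == "__main__":
    for row in report("alice"):
        print(row)
```

For the table stored as `Orders`, the folding variant fed the raw catalog name answers about `orders` instead, so a privilege report built from catalog output is only correct if every name is re-quoted first or the function matches names exactly.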