Re: [HACKERS] PostgreSQL 6.5.2

Massimo Dal Zotto <dz@wizard.net> writes:
>> I don't much care for QueryLimit (we got rid of that for a reason!)

> The QueryLimit has been reintroduced because it can be used to set a global
> default limit for all queries instead of hacking manually some hundred
> queries. I admit that the LIMIT...OFFSET is a cleaner way to do it, but
> having the possibility to specify a global default doesn't hurt.

Yes it does: it creates the possibility of breaking (returning
incomplete answers to) queries inside rules, triggers, procedures, etc.
In the worst case it could be used by an unprivileged user to subvert
security checks built into a database by means of rules.

I think this "feature" is far too dangerous to put into the general
distribution.

What would be reasonably safe is a limit that applies *only* to data
being returned to the interactive user, but that would be a different
mechanism than the LIMIT clause; I'm not sure where it would need to
be implemented.
        regards, tom lane