Re: [BUGS] Server crash while trying to read expression using pg_get_expr()
| От | Heikki Linnakangas |
|---|---|
| Тема | Re: [BUGS] Server crash while trying to read expression using pg_get_expr() |
| Дата | |
| Msg-id | 4C0FA772.9090406@enterprisedb.com обсуждение исходный текст |
| Ответ на | Re: [BUGS] Server crash while trying to read expression using pg_get_expr() (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: [BUGS] Server crash while trying to read expression using pg_get_expr()
Re: [BUGS] Server crash while trying to read expression using pg_get_expr() |
| Список | pgsql-hackers |
On 09/06/10 17:34, Tom Lane wrote: > Heikki Linnakangas<heikki.linnakangas@enterprisedb.com> writes: >> We have two options: > >> 1. Make pg_get_expr() handle arbitrary (possibly even malicious) input >> gracefully. > >> 2. Restrict pg_get_expr() to superusers only. > > I think #1 is a fool's errand. There is far too much structure to a > node tree that is outside the scope of what readfuncs.c is capable of > understanding. That's why I said that ruleutils.c will need to understand and complain about the rest. Are you thinking we should retrict pg_get_expr() to superusers then? -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com
В списке pgsql-hackers по дате отправления: