On Wed, Jun 9, 2010 at 1:34 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Kris Jurka <bo...@ejurka.com> writes: >> On Wed, 9 Jun 2010, Heikki Linnakangas wrote: >>> Are you thinking we should retrict pg_get_expr() to superusers then? > >> That seems like it will cause problems for both pg_dump and drivers which >> want to return metadata as pg_get_expr has been the recommended way of >> fetching this information. > > Yes, it's not a trivial fix either. We'll have to provide functions or > views that replace the current usages without letting the user insert > untrusted strings.
Maybe I'm all wet here, but don't we need to come up with something we can back-patch? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
