Re: [BUGS] BUG #1963: SSL certificate permission check is too strict
Hi Tom! Tom Lane [2005-10-16 0:41 -0400]: > Martin Pitt <[EMAIL PROTECTED]> writes: > > At least the certificate could be permitted to be owned/in group root. > > I cannot see how this should weaken the certificate's security. > > Postgres doesn't run as root, hence could not use such a certificate > unless it was world-readable. Please see my original mail. If you use ACLs, postgres can very well be able to read the certificate. The point was that a key's security is not weakened if it is owned by root instead of "postgres" - to the contrary. So I don't see the point of the check that actively prohibits a key being owned by root. Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developerhttp://www.debian.org signature.asc Description: Digital signature
Re: [BUGS] BUG #1956: Plpgsql top-level DECLARE does not share scope
On Thu, 13 Oct 2005 16:24:23 -0400, Tom Lane <[EMAIL PROTECTED]> wrote: > BTW, another issue here is that if we did merge the first DECLARE with > the scope of auto-declared variables, it would be a non backwards > compatible change. Right now you can do, say, > > declare found int; > > and it'll override the standard FOUND variable. If we change this then > you'd get an error. (Of course, it could be argued that that would be > a Good Thing. But it would inhibit us from adding new auto-declared > variables that are less central to the language than FOUND, because of > the risk of breaking existing code.) Could something be done using alias? eg declare x int; ... declare x alias for outer x klint. ---(end of broadcast)--- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
