I didn't realize this was a public mailing list, I posted this report at
http://www.postgresql.org/support/submitbug and thought that it would
only be reported internally.
I agree with your analysis, although Carol may or may not be aware that
she is executing any functions at all. But in any
Dave Page wrote:
> On Mon, Mar 31, 2008 at 10:46 PM, Tom Lane <[EMAIL PROTECTED]> wrote:
> > If this were a security issue, you already spilled the beans by
> > reporting it to a public mailing list; so I'm unsure what you are
> > concerned about.
>
> I'd wager that Lars didn't realise the bug
On Mon, Mar 31, 2008 at 10:46 PM, Tom Lane <[EMAIL PROTECTED]> wrote:
> If this were a security issue, you already spilled the beans by
> reporting it to a public mailing list; so I'm unsure what you are
> concerned about.
I'd wager that Lars didn't realise the bug form goes straight to the
lis
"Lars Olson" <[EMAIL PROTECTED]> writes:
> Creating a view that depends on the value of SESSION_USER enables a
> minimally-privileged user to write a user-defined function that contains a
> trojan-horse to get arbitrary data from the base table.
This example proves nothing except that you shouldn'
Heikki Linnakangas <[EMAIL PROTECTED]> writes:
> Pedro Alves wrote:
>> Since saturday Portugal is in WEST timezone.
> We don't include all timezone abbreviations, because they're generally
> not well-defined. Not sure if that's the case with WEST, but it seems
> quite likely. We do have the abbr
Lars Olson wrote:
Creating a view that depends on the value of SESSION_USER enables a
minimally-privileged user to write a user-defined function that contains a
trojan-horse to get arbitrary data from the base table. Using CURRENT_USER
instead still enables a similar vulnerability.
To reproduce
The following bug has been logged online:
Bug reference: 4074
Logged by: Lars Olson
Email address: [EMAIL PROTECTED]
PostgreSQL version: 8.3.1
Operating system: Windows XP
Description:Using SESSION_USER or CURRENT_USER in a view definition
is unsafe
Details:
Creatin
Pedro Alves wrote:
Since saturday Portugal is in WEST timezone. Some of my programs stopped
working. Those programs use the output of java.util.Date, and come out as
"Sat Mar 29 04:47:06 WEST 2008".
Though not everyone uses that kind of output in timezones, everyone that
uses a recent jvm and ar
The following bug has been logged online:
Bug reference: 4073
Logged by: Pedro Alves
Email address: [EMAIL PROTECTED]
PostgreSQL version: 8.2.7
Operating system: Linux Slackware 11 and 12
Description:ERROR: invalid input syntax for type timestamp: "Sat
Mar 29 04:47:0
[EMAIL PROTECTED] (Gregory Stark) writes:
> "Dave Page" <[EMAIL PROTECTED]> writes:
>
>>> Wrong tip at the beginning of the administrator: "The answer to the
>>> question of Life, the Universe and Everything is 42." The answer is "God
>>> created them."
>>
>> I'm not so sure - can you define exactl
Ceschia, Marcello wrote:
Can I send a backup with some data?
pg_dump output will do just fine, but please try to reduce the test case
to a simpler one. And send the query that's not behaving as expected as
well, and describe what output you expected.
And please keep the mailing list CC'd so
Marcello Ceschia wrote:
If you need more information, contact me I can send some example data.
Yes, we need more information. Please send a minimal test case with
CREATE TABLE statements and data required to reproduce the problem.
--
Heikki Linnakangas
EnterpriseDB http://www.enterpris
The following bug has been logged online:
Bug reference: 4070
Logged by: Marcello Ceschia
Email address: [EMAIL PROTECTED]
PostgreSQL version: 8.2.5 and 8.3.0
Operating system: Windows XP
Description:Join more then ~15 tables let postgreSQL produces wrong
data
Details
13 matches
Mail list logo
