User Interface [was : [GENERAL] eval function]

2011-07-31 Thread Vincent Veyron
On Sunday, 31 July 2011 at 18:43 +0200, saeed ahmed wrote: > I am new to PostgreSQL and not very good in English language. I need > help to understand how I can make (by using PostgreSQL) something like > Microsoft's Access. I remember you see a lot of buttons and > functions. When you finish inser

Re: [GENERAL] eval function

2011-07-31 Thread John R Pierce
On 07/31/11 9:43 AM, saeed ahmed wrote: I am new to PostgreSQL and not very good in English language. I need help to understand how I can make (by using PostgreSQL) something like Microsoft's Access. I remember you see a lot of buttons and functions. When you finish inserting some data, you have somethi

Re: [GENERAL] eval function

2011-07-31 Thread saeed ahmed
I am new to PostgreSQL and not very good in English language. I need help to understand how I can make (by using PostgreSQL) something like Microsoft's Access. I remember you see a lot of buttons and functions. When you finish inserting some data, you have something permanent like a software that remains

Re: [GENERAL] eval function

2011-07-31 Thread Chris Travers
> Any security definer function should be designed with security in mind. That > is the responsibility of the dba. You can't limit the dba in what he can do > just in case he doesn't know what he is doing. You can suggest, but if the > dba thinks he knows what he is doing, give him all the tools to

Re: [GENERAL] eval function

2011-07-31 Thread Sim Zacks
On 07/31/2011 09:48 AM, Chris Travers wrote: On Sat, Jul 30, 2011 at 9:50 PM, Sim Zacks wrote: On one hand the hole can't be plugged because as you mentioned that is the point of the function. On the other hand, if the function is not being run as security definer, the account running it would

Re: [GENERAL] eval function

2011-07-30 Thread Chris Travers
On Sat, Jul 30, 2011 at 9:50 PM, Sim Zacks wrote: > > On one hand the hole can't be plugged because as you mentioned that is the > point of the function. On the other hand, if the function is not being run > as security definer, the account running it would need to have the rights to > do whatever

Re: [GENERAL] eval function

2011-07-30 Thread Sim Zacks
We are in the process of building regression tests for our 700+ functions. I hope to have it finished in about 6 months. Sim On 07/31/2011 08:31 AM, Jaime Casanova wrote: 2011/7/30 Sim Zacks: On 07/28/2011 05:11 PM, Tom Lane wrote: Merlin Moncure writes: Couple points: *) why a speci

Re: [GENERAL] eval function

2011-07-30 Thread Jaime Casanova
2011/7/30 Sim Zacks : > > On 07/28/2011 05:11 PM, Tom Lane wrote: > >> Merlin Moncure  writes: >>> >>> Couple points: >>> *) why a special case for boolean values? >> >> That seemed weird to me too ... > > I'm using 8.2 and "cannot cast type boolean to text" are you aware that support for 8.2 will

Re: [GENERAL] eval function

2011-07-30 Thread Sim Zacks
On 07/28/2011 06:28 PM, Chris Travers wrote: On Thu, Jul 28, 2011 at 8:08 AM, David Johnston wrote: At best, based upon the example using "current_timestamp()", you could only mark it as being stable, right? Also not mentioned; what risk is there of this function being hacked? It places the

Re: [GENERAL] eval function

2011-07-30 Thread Sim Zacks
On 07/28/2011 05:11 PM, Tom Lane wrote: Merlin Moncure writes: Couple points: *) why a special case for boolean values? That seemed weird to me too ... I'm using 8.2 and "cannot cast type boolean to text" *) this should be immutable What if the passed expression is volatile? Better to be

Re: [GENERAL] eval function

2011-07-28 Thread Merlin Moncure
On Thu, Jul 28, 2011 at 10:36 AM, Chris Travers wrote: > On Thu, Jul 28, 2011 at 8:23 AM, Merlin Moncure wrote: >> >> This function is an absolute no-go if the string literal is coming >> from untrusted source, and any robust defenses would ruin the intended >> effect of the function.  There are

Re: [GENERAL] eval function

2011-07-28 Thread Chris Travers
On Thu, Jul 28, 2011 at 8:23 AM, Merlin Moncure wrote: > > This function is an absolute no-go if the string literal is coming > from untrusted source, and any robust defenses would ruin the intended > effect of the function.  There are a number of nasty ways you can (at > minimum) DOS your databas

Re: [GENERAL] eval function

2011-07-28 Thread Chris Travers
On Thu, Jul 28, 2011 at 8:08 AM, David Johnston wrote: > At best, based upon the example using "current_timestamp()", you could only > mark it as being stable, right? > > Also not mentioned; what risk is there of this function being hacked?  It > places the supplied data within a "SELECT  ()

Re: [GENERAL] eval function

2011-07-28 Thread Merlin Moncure
On Thu, Jul 28, 2011 at 10:08 AM, David Johnston wrote: > > Merlin Moncure writes: >> Couple points: >> *) why a special case for boolean values? > > That seemed weird to me too ... > >> *) this should be immutable > > What if the passed expression is volatile?  Better to be safe. > > ---

Re: [GENERAL] eval function

2011-07-28 Thread David Johnston
Merlin Moncure writes: > Couple points: > *) why a special case for boolean values? That seemed weird to me too ... > *) this should be immutable What if the passed expression is volatile? Better to be safe. - At best, based upon the example using "current_ti

Re: [GENERAL] eval function

2011-07-28 Thread Chris Travers
On Thu, Jul 28, 2011 at 4:18 AM, Sim Zacks wrote: > I need an eval function that will evaluate a valid SQL expression and return > the value. > > I've seen variations of  this asked before with no real answer. > > I wrote a function to handle it, but it looks like there should be a better > way to

Re: [GENERAL] eval function

2011-07-28 Thread Tom Lane
Merlin Moncure writes: > Couple points: > *) why a special case for boolean values? That seemed weird to me too ... > *) this should be immutable What if the passed expression is volatile? Better to be safe. regards, tom lane

Re: [GENERAL] eval function

2011-07-28 Thread Merlin Moncure
On Thu, Jul 28, 2011 at 6:18 AM, Sim Zacks wrote: > I need an eval function that will evaluate a valid SQL expression and return > the value. > > I've seen variations of  this asked before with no real answer. > > I wrote a function to handle it, but it looks like there should be a better > way to

[GENERAL] eval function

2011-07-28 Thread Sim Zacks
I need an eval function that will evaluate a valid SQL expression and return the value. I've seen variations of this asked before with no real answer. I wrote a function to handle it, but it looks like there should be a better way to do this (see below). My use case is a table with date ran