Added to TODO:
* Prevent malicious functions from being executed with the permissions
of unsuspecting users
Index functions are safe, so VACUUM and ANALYZE are safe too.
Triggers, CHECK and DEFAULT expressions, and rules are still
vulnerable.
On 1/8/08, Tom Lane <[EMAIL PROTECTED]> wrote:
> The other issue that ought to be on the TODO radar is that we've only
> plugged the hole for the very limited case of maintenance operations that
> are likely to be executed by superusers. If user A modifies user B's
> table (via INSERT/UPDATE/DELE
On Wed, 2008-01-09 at 00:22 -0500, Tom Lane wrote:
> pgsql-core wasted quite a lot of time
Core's efforts are appreciated by all, so not time wasted.
--
Simon Riggs
2ndQuadrant http://www.2ndQuadrant.com
---(end of broadcast)---
TIP 6: expla
