It seems perfectly safe to me too for the reason that Kris mentions.
Tom, could you please elaborate where you see a security hole?
Regards,
Thomas Hallgren
Tom Lane wrote:
Kris Jurka <[EMAIL PROTECTED]> writes:
On Wed, 30 Jul 2008, Alvaro Herrera wrote:
I do agree that cr
Tom Lane wrote:
Thomas Hallgren <[EMAIL PROTECTED]> writes:
Tom, could you please elaborate where you see a security hole?
The problem that we've seen in the past shows up when the user lies in
the CREATE TYPE command, specifying type representation properties that
are dif
Tom Lane wrote:
This is a non-issue in PL/Java. An integer parameter is never passed by
reference and there's no way the PL/Java user can get direct access to
backend memory.
So what exactly does happen when the user deliberately specifies wrong
typlen/typbyval/typalign info when creati
Kris Jurka wrote:
3) By value: pljava does not correctly handle passed by value types
correctly, allowing access to random memory.
This is simply not true. There's no way a Java developer can access
random memory through PL/Java.
- thomas
--
Sent via pgsql-hackers mailing list (pgsql-hack
Kris Jurka wrote:
Thomas Hallgren wrote:
Kris Jurka wrote:
3) By value: pljava does not correctly handle passed by value types
correctly, allowing access to random memory.
This is simply not true. There's no way a Java developer can access
random memory through PL/Java.
No, the poi
ed to
fix this once and for all?
Another related question. What happens when I use --without-zlib? Does
it have any effect besides disabling compression for the dump/restore
utilities? Is there any way to make it affect the backend only?
Kind Regards,
Thomas Hallgren
That's good news. Any chance of getting this fix backported to 8.1? Or
at least, the libz part of it?
Regards,
Thomas Hallgren
Martijn van Oosterhout wrote:
On Fri, Jun 23, 2006 at 10:45:29AM +0200, Thomas Hallgren wrote:
There was a discussion some time back concerning the linking o
here. What should I look for when trying
to find the cause of such warnings?
Regards,
Thomas Hallgren
---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
rrect behavior?
Regards,
Thomas Hallgren
Original Message
Subject: Re: [Pljava-dev] char with trailing space,
PreparedStatement.setObject & SetString
Date: Tue, 27 Jun 2006 12:07:19 -0400
From: JEAN-PIERRE PELLETIER <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sorry, wrong list... I reposted this on pgsql-jdbc instead.
Martijn van Oosterhout wrote:
On Wed, Jun 28, 2006 at 01:56:47PM +0200, Thomas Hallgren wrote:
A user that is trusted with installing a C-function in the backend is
free to scan the process memory anyway so in what way did that increase
the security? IMHO, the only relevant security in that
ndry, and at some point give it up for inclusion into
PostgreSQL.
One requirement would be that it runs on Windows. Is that something you have
tested?
Regards,
Thomas Hallgren
ava clients).
Some PL's will also enable such packages out of the box.
The actual type would be extremely generic, lightweight, and easy to implement. No
portability issues whatsoever. The only difficulty that I see is naming it :-).
Regards,
Thomas Hallgren
in
all indexes, all foreign keys, etc. In a normalized database some tables
may consist of UUID columns only.
Regards,
Thomas Hallgren
Martijn van Oosterhout wrote:
On Thu, Jun 29, 2006 at 03:54:36PM +0200, Thomas Hallgren wrote:
I have to concur with this. Assume you use a bytea for a UUID that in
turn is used as a primary key. The extra overhead will be reflected in
all indexes, all foreign keys, etc. In a normalized
e. just add a 16 byte data type and forget all
about UUID's for now.
Regards,
Thomas Hallgren
pgfoundry/contrib.
I second that.
Regards,
Thomas Hallgren
latforms where PL/Java is ported must either support GCJ 4.0 or higher or have a Java
Runtime Environment 1.4.2 or higher installed.
Regards,
Thomas Hallgren
Bruce Momjian wrote:
There are roughly three weeks left until the feature freeze on August 1.
If people are working on items, they should be
end is never
exposed to more than one thread at a time.
...
(from the top of my head, there are probably more reasons)
IMHO, this is yet another reason to actually include it in core. I'm not
an expert on the other PL's but my guess is that PL/Java is far more
sensitive to
even then I have some
doubts. The good news in my opinion is that if PL/Java would make it to
the core it could make a good reference implementation for other equally
advanced language mappings.
Regards,
Thomas Hallgren
hen you say PL/J could be
considered in the same light as PL/Java. Then again, I'm fairly biased ;-)
Regards,
Thomas Hallgren
Dave Cramer wrote:
Absolutely PL/J should be considered in the same light as PL/Java.
Consider this a request for PL/J to be included in the core.
Dave
On 11-Ju
we don't, really.
As the project grows for various reasons, the number of hackers in the community will grow
as well. PL/Java for instance, does not come without resources :-)
Regards,
Thomas Hallgren
be a good place to start. I.e. divide
headers into the ones available for external modules and the ones for
internal backend use only.
Regards,
Thomas Hallgren
must have happened that
would be interesting to look at.
Regards,
Thomas Hallgren
statement is completely false.
Dave,
What JVM requirements does PL/J currently have? What license implications are imposed by the
components that it depends upon?
Regards,
Thomas Hallgren
I'm sure there are other more subtle ways to get the message through.
I'm trying to be honest and up-front. IMO, that should count for something.
Regards,
Thomas Hallgren
Tom Lane wrote:
Thomas Hallgren <[EMAIL PROTECTED]> writes:
Why do you persist talking about licensing issues with PL/Java? There are none. PL/Java
builds and runs just fine with gcj and the above statement is completely false.
Um ... if you use it with gcj, there may or may
FSF indeed did remove the exception. It would take me
30 minutes or so to create a substitute BSD licensed dummy JNI library
with associated headers that would allow PL/Java to be built without any
external modules at all. It's then completely up to the user what he/she
wants to slot in
d also resolve some of the issues.
Regards,
Thomas Hallgren
r may choose a JVM from IBM, Sun, BEA, or
other (like GCJ) to run. That's the essence of having a standardized
API. What can possibly be 'grey' about that?
Regards,
Thomas Hallgren
lenge lays in the impedance mismatch caused by concerns
that one must consider when using RPC (limit the number of calls) compared to the current
design (avoid copying and streaming).
Kind regards,
Thomas Hallgren
QL headers
In essence the PostgreSQL SDK.
If I read what Thomas wrote (late) last night correctly.
You did.
Regards,
Thomas Hallgren
but could we move the project files to pgfoundry
for hosting and set the project's home page as the wiki?
Yes, that sounds reasonable. I'll look into that. What I really would
like is to move the whole project (aside from the Wiki) from gborg to
pgfoundry.
Kind rega
over the
years ...
How would I go about taking advantage of that? And who did the 1.2.0
upload? I certainly didn't.
Kind Regards,
Thomas Hallgren
ss
that's why it was not mirrored. And yes, I agree wholeheartedly, a wiki
is not the most intuitive place for downloads. Per Jonah's suggestion
I've just uploaded everything to pgfoundry too.
Thanks for uploading the 1.3.0 to the ftp.
Regards,
Thomas Hallgren
g there.
Unfortunately, there's no way to remove them. The Files section on
pgfoundry looks a lot better :-)
Regards,
Thomas Hallgren
source tarball, make sure pg_ctl is in your path and type 'make
USE_GCJ=1 release'
Alternatively, set JAVA_HOME to appoint some other JRE and just type 'make
release'
Regards,
Thomas Hallgren
s). I
don't have access to a FreeBSD machine so I can't try it.
Regards,
Thomas Hallgren
Andrew Dunstan wrote:
The topic here is NOT what features are missing from postgres.
Of course it is ;-)
Regards,
Thomas Hallgren
third-party modules and serving as an
incubator for modules that aim to be included in core or into one of its subsidiaries.
Kind Regards,
Thomas Hallgren
though I don't expect to see bit-rates or fractions ('m' == 'milli') in GUC, it might be
good to use consistent units everywhere.
Regards,
Thomas Hallgren
. I've never seen any other representation of the
UUID's than the two that Gevik wants to support. Please note that UUID
is a very well known concept and not an arbitrary 128 bit storage.
http://en.wikipedia.org/wiki/UUID is a good source of information. The
appointed RFC actuall
[EMAIL PROTECTED] wrote:
... I *like* sorting by time, as it allows
the UUID to be used similar to sequence, leaving older, lesser accessed
UUIDs in the past.
and don't forget, an automatic timestamp of when a record is created might be useful for
other purposes.
Regards,
Thomas Hal
, LIKE and (NOT) IS NULL
4. GUID type must have the ability to be indexed, grouped, ordered,
DISTINCT... but not MAX(), MIN() or SUM()
Where do you see a need for LIKE on a GUID?
Regards,
Thomas Hallgren
sense to me.
Regards,
Thomas Hallgren
On Mon, 2006-09-18 at 10:06 +0200, Thomas Hallgren wrote:
Gevik Babakhani wrote:
To my opinion GUIDs type need to provide the following in the database.
1. GUID type must accept the correct string format(s), with or without
extra '-'
2.
. Although the magnitudes as such makes little sense, the ability to order will
make it possible to compare results from different queries etc. Very difficult to do with
random order.
Regards,
Thomas Hallgren
of 100 nanosec.
An implementation could be made to prevent clock-sequence collisions on the same machine and
thereby avoid this altogether.
Kind Regards,
Thomas Hallgren
ow. I feel that it's either that or stop providing pre-built
binaries altogether. I realize that I can't be the only one with this
problem. How is this normally handled?
Regards,
Thomas Hallgren
n alternative
suggestion on the above though).
Regards,
Thomas Hallgren
Laszlo,
I worked on this and created some interface for decoupling java datatypes
and their representations. In my implementation the mapping is N:N, so it
is not directly applicable to your schema, but perhaps you can use some
piece of it.
I am not ready with all default data types, but the most i
and what to use in the first place?
Regards,
Thomas Hallgren
times". I guess you have some initial handshake
between the postgresql backend and the JVM where you can negotiate
things like that?
Regards,
Thomas Hallgren
bitten by this bug. Is it safe to assume
that the fix for this will arrive in 8.1.0?
Regards,
Thomas Hallgren
2) 2004-03-30 07:29 i686 unknown
Regards,
Thomas Hallgren
() that my SPI has been
disconnected always?
Regards,
Thomas Hallgren
Alvaro Herrera wrote:
On Wed, Mar 16, 2005 at 07:35:57PM +0100, Thomas Hallgren wrote:
I have some test code that utilize SPI and does the following:
1. SPI_connect
2. set a savepoint (using BeginInternalSubTransaction)
3. execute a statement that contains a syntax error (within PG_TRY/PG_CATCH
nts
are the same as Shachar's although a dump of the current bug database
would be helpful.
Genpages, uploads, etc. are things that I can reconstruct from material
that's in the CVS.
Regards,
Thomas Hallgren
Shachar Shemesh wrote:
To summarize, just give me read only access to the old project's data
and I'm set.
I second that.
- thomas
made obsolete. It will
still be a BSD style license though. A first release should be ready for
4/1/2006.
Regards,
Thomas Hallgren
here is really that we keep finding reasons to, if not
flat-out change the interface to PLs, at least expand their
responsibilities. Not to push it too hard, but we still have only
one PL with a validator procedure, which IIRC was your own addition
to that API. How come they don't all have vali
o a pl-j versus
pl-java discussion. It's valid to pl's in general. The fact that
PostgreSQL ships with some PL's is suppressing others (I'm thinking
again of the Community versus Solo type projects) and suggests that you
have an implicit validation process in place. Perhaps you
to try to
deduct everything just by looking at the code in pl/pgsql.
Regards,
Thomas Hallgren
1
Regards,
Thomas Hallgren
Tom Lane wrote:
Thomas Hallgren <[EMAIL PROTECTED]> writes:
I've read about changes in CVS head needed to accommodate OUT parameters.
I tried to compile PL/Java and it fails (of course). Is there any brief
text somewhere that highlights the changes that were made and explains
how th
Tom Lane wrote:
Thomas Hallgren <[EMAIL PROTECTED]> writes:
I get the following error message when I try to do an initdb with CVS
HEAD on a Win32 platform:
creating configuration files ... ok
creating template1 database in data-head/base/1 ... FATAL: access
method "btre
ikely to misbehave if it doesn't know that.
Thanks a lot. Now I know how to go about this. Seems pretty
straightforward. Nice work!
Regards,
Thomas Hallgren
returning SETOF RECORD in all versions. The only thing that doesn't work
right now is a function that returns RECORD (not SETOF) since the rsinfo
in this case is NULL. Can you shed some light on that?
Regards,
Thomas Hallgren
Tom Lane wrote:
Thomas Hallgren <[EMAIL PROTECTED]> writes:
... The only thing that doesn't work
right now is a function that returns RECORD (not SETOF) since the rsinfo
in this case is NULL. Can you shed some light on that?
What's the test case exactly?
thhal=#
Tom Lane wrote:
Thomas Hallgren <[EMAIL PROTECTED]> writes:
thhal=# create function javatest.recordExample(int, int) returns record
as 'org.postgresql.pljava.example.ComplexReturn.complexReturn' immutable
language java;
CREATE FUNCTION
thhal=# select * from javatest.record
BlessTupleDesc. nodeFunctionscan.c formerly did that, and I suppose
it should keep doing it for backwards compatibility. I put back the
call...
I hope that doesn't have a negative performance impact in general. If
so, I'd be happy to add the missing BlessTupleDesc at my end instead.
append although there's often good grounds for it so I have nothing to
complain about. :-)
Regards,
Thomas Hallgren
Oleg Bartunov wrote:
On Sun, 24 Apr 2005, Thomas Hallgren wrote:
Oleg Bartunov wrote:
I think it's quite useful to correct, because many of us use
english only
when reading mailing lists and documentation :)
I think that it's important to refrain from corrections on a public
forum
make the PostgreSQL user experience as
similar as possible and thus allowing use of PL/Java or PL/J without
changing anything but configuration.
Kind regards,
Thomas Hallgren
Michael Fuhr wrote:
On Thu, Apr 28, 2005 at 09:47:45PM +0200, Thomas Hallgren wrote:
What version of PostgreSQL are you using
The latest and greatest from CVS.
Which branch? HEAD? REL8_0_STABLE?
Sorry. To me "latest" always defaults to HEAD and by "greatest"
n interfaces with other
languages where the sizes are fixed, wouldn't it be better to use
something that is fixed in size here too? I.e. int32 or perhaps int64?
Regards,
Thomas Hallgren
Neil Conway wrote:
Thomas Hallgren wrote:
Since both int and long are types whose size varies depending on
platform, and since the SPI protocol often interfaces with other
languages where the sizes are fixed
ISTM there are no "languages where the sizes are fixed". In this
contex
hange that will make things incompatible
should you decide to change the executor in the future.
Regards,
Thomas Hallgren
t will allow you to add a special "assign hook" and a "show
hook" function.
For more info on the details, I'm afraid you need to consult the source
code at present.
Kind regards,
Thomas Hallgren
the
API should reflect that choice. Having the maximum number of rows
dependent on platform ports is a bad design.
Regards,
Thomas Hallgren
Tom Lane wrote:
Thomas Hallgren <[EMAIL PROTECTED]> writes:
Exactly. Why should a user of the SPI API be exposed to or even
concerned with this at all? As an application programmer you couldn't
care less. You want your app to perform equally well on all platforms
without surp
mer) or to consequently used 32-bit resultset
sizes on 32-bit platforms and 64-bit resultset sizes on 64-bit platforms?
Regards,
Thomas Hallgren
ince I already have the
libraries/headers installed' package ...
Any other PL's not currently in your CVS that you might consider to
bring in while you're at it?
Regards,
Thomas Hallgren
es or even renaming files
creates havoc if you have several simultaneous branches that need to be
merged at some point. Serious design flaw IMHO.
When will subversion be able to *really* rename or move an element as
opposed to just remove and add?
Regards,
Thomas Hal
Marc G. Fournier wrote:
But we need at least one of them ready for a standalone build first ...
PL/Java might be ready. Depends on your definition of "standalone build"
of course. Can you elaborate?
Regards,
Thomas Hallgren
Marc G. Fournier wrote:
On Thu, 5 May 2005, Thomas Hallgren wrote:
Marc G. Fournier wrote:
But we need at least one of them ready for a standalone build first ...
PL/Java might be ready. Depends on your definition of "standalone
build" of course. Can you elaborate?
could I download a t
Marc G. Fournier wrote:
On Fri, 6 May 2005, Thomas Hallgren wrote:
Marc G. Fournier wrote:
On Thu, 5 May 2005, Thomas Hallgren wrote:
Marc G. Fournier wrote:
But we need at least one of them ready for a standalone build
first ...
PL/Java might be ready. Depends on your definition of "stand
Satoshi Nagayasu wrote:
>>An oracle package is created when first referenced. Its initialization
>>code is run once (ie costly queries to populate session wide package
>>params) and the package dies at the end of the session
>>An analogy with OOP is that it's like ha
ot sure is there is static variables. If it's missing, we could add
that easily and give them the same life-span as the session.
A UDT can be exchanged seamlessly across PL's so it would become a
really elegant solution for session variables.
Regards,
Thomas Hal
of user defined types to
include methods and conclude that storing session data in other ways
than using temporary tables should be PL specific.
Regards,
Thomas Hallgren
Bruce Momjian wrote:
Thomas Hallgren wrote:
Bruce Momjian wrote:
Josh Berkus wrote:
I think that private variables and private functions need to be part of the
definition.
OK, so it seems we need:
C static/private functions for schemas
C static/private
Oracle migration too since Oracle already has this.
Regards,
Thomas Hallgren
I'd like that too although I don't think it's included in the SQL-standard.
Regards,
Thomas Hallgren
ed to
functions and stored procedures without a rewrite.
5. PL/Java already provides both trusted and untrusted language handlers.
6. PL/Java has a community of over 70 members and increasing.
7. PL/Java has no license issue.
8. The author of PL/Java would be happy to maintain it in core.
Regards,
T
Joshua,
There's some material that explains the inner workings on the
gborg.postgresql.org/project/pljava site. Beyond that (and trying it out
of course), I'd be more than happy to answer any questions.
Regards,
Thomas Hallgren
Joshua D. Drake wrote:
I think you should take a c
the
PL/Java and PL/J teams make a joint effort to create an abstraction
layer that allows a developer to write stored procedures and functions
in a database independent way.
Regards,
Thomas Hallgren
er. At present, it doesn't function correctly using Gcj.
I've asked the Gcj team when they think they will have this and the
reply that they hope to have it sometime 2005.
Regards,
Thomas Hallgren
es that contain the code to be
loaded somehow. PL/Java belongs to the latter. Not everyone is in favor
of that approach.
Regards,
Thomas Hallgren
server
setting that decides which one to use provided both are present.
Kind regards,
Thomas Hallgren
. When PL/Java was designed I made a serious effort to avoid
all that. Hence my concern.
Regards,
Thomas Hallgren
ution on this newsgroup
3) Implement and submit a patch
Any advice is greatly appreciated. Especially the ones that might speed up
step #1.
Comments, suggestions?
Regards,
Thomas Hallgren