On Wed, Jun 9, 2010 at 1:34 PM, Tom Lane <[email protected]> wrote: > Kris Jurka <[email protected]> writes: >> On Wed, 9 Jun 2010, Heikki Linnakangas wrote: >>> Are you thinking we should retrict pg_get_expr() to superusers then? > >> That seems like it will cause problems for both pg_dump and drivers which >> want to return metadata as pg_get_expr has been the recommended way of >> fetching this information. > > Yes, it's not a trivial fix either. We'll have to provide functions or > views that replace the current usages without letting the user insert > untrusted strings.
Maybe I'm all wet here, but don't we need to come up with something we can back-patch? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
