On Thu, Dec 1, 2016 at 4:33 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Robert Haas <robertmh...@gmail.com> writes:
>> On Wed, Nov 30, 2016 at 1:50 PM, Greg Stark <st...@mit.edu> wrote:
>>> I can't say I feel especially strongly either way on this but just to
>>> toss out a small thing that might make a small difference....
>>> If you happen to know how your message-ids are generated then you
>>> might be able to do something useful with them. For instance, you
>>> could search all git commits for urls to messages you wrote -- for
>>> instance any commit that has CAB7nPq is referencing a message written
>>> by Michael Paquier.
>>> On the other hand you could put something naughty in the message-id
>>> forcing everyone else to use URLs with dirty words in them. Or with
>>> words like "terrorist" in them. Or with some javascript/html injection
>>> attack of some sort...
>> ...or the name of your company/your email hosting provider's company...
> I think this is a straw man.  We've already decided to use message-IDs
> as the basic identity of messages for this purpose; other proposals
> were considered before and rejected as too inconvenient.
> When and if somebody tries to game that, we can do something about it,
> but I'm not very worried.  It's not like it's not trivial to get your
> company's name, or $badword of your choice, into the archives already.
> The former is more or less standard practice, in fact, as per this
> very message:

Sure, of course.  But it's a bit different when it's in the commit log.

Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to