On Sep 22, 2006, at 11:26 , Merlin Moncure wrote:
On 9/22/06, Tom Lane <[EMAIL PROTECTED]> wrote:
Stephen Frost <[EMAIL PROTECTED]> writes:
> * Tom Lane ([EMAIL PROTECTED]) wrote:
>> An admin who is concerned about this can revoke public access
on the
>> functions for himself ... but should that be the default out-of-
the-box
>> configuration? I feel more comfortable with saying "you have
to turn
>> on this potentially-dangerous feature" than with saying you
have to turn
>> it off.
> I agree with having it turned off by default, at least in 8.2.
Do we have a consensus to do this for 8.2? Or are we going to
leave it
as is? Those are the only two realistic short-term options ...
there are plenty of other potentially nasty things (like
generate_series and the ! operator). why are advisory_locks handled
specially? the way it stands right now is a user with command access
can DoS a server after five minutes of research on the web.
however, if we decide to lock them, it should be documented as such.
advisory locks still show up as 'userlock' in the pg_locks view. does
this matter?
I would be more worried about accidental collisions between
applications. The lock ranges will now need to be in their respective
application's configuration file in case of collision with another
app once developers really start using locks for IPC. Ideally, the
user-level lock functions would take strings instead of integers and
hash them appropriately, no? Otherwise, someone will end up
maintaining a registry of lock numbers in use. LISTEN doesn't use
integers.
-M
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
