On Wed, Jul 11, 2001 at 01:00:42PM -0400, Bruce Momjian wrote:
> > * HMAC - Wrap all postgres data in an HMAC (I believe this requires an
> > plaintext-like password on the server as does crypt and the double
> > crypt scheme)
>
> No, double-crypt has the passwords stored encrypted.
You miss
On Wednesday, 11. July 2001 17:28, you wrote:
> Mike Mascari writes:
> > MESSAGE ON INDEX i_employees IS
> > 'An employee with a matching Social Security number already exists';
> >
> > Then, when the UNIQUE constraint of the index is violated, instead of
> > the message:
> >
> > 'Cannot insert a
> The security issue is why I developed it. There were complaints from people
> who did not want to have identd running at all.
>
> I think the feature is available in Linux, Solaris and some BSD. It can be
> tested for by whether SO_PEERCRED is defined in sys/socket.h.
Yes, I see something s
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Also, can someone tell my why we use malloc in plpgsql?
>
> Plain palloc() won't do because the compiled tree for the function needs
> to outlive the current query. However, malloc() is not cool. Really,
> these structures ought to be built in a m
> Has it ever been considered to (optionally) use the iconv interface for
> character set conversion instead of rolling our own? It seems to be a lot
> more flexible, has pluggable conversion modules (depending on the
> implementation), supports more character sets. It seems to be available
> on
Bruce Momjian <[EMAIL PROTECTED]> writes:
> Also, can someone tell my why we use malloc in plpgsql?
Plain palloc() won't do because the compiled tree for the function needs
to outlive the current query. However, malloc() is not cool. Really,
these structures ought to be built in a memory contex
"Mikheev, Vadim" <[EMAIL PROTECTED]> writes:
>> Since we are going to treat all xids >= xmax as in-progress anyway,
>> what's wrong with reading xmax before we acquire the SInval lock?
> AFAIR, I made so to prevent following:
> 1. Tx Old is running.
> 2. Tx S reads new transaction ID in GetSnaps
> > We (SRA) have done the translation of PostgreSQL 7.1 docs into
> > Japanese. They can be freely available at
> > http://osb.sra.co.jp/PostgreSQL/Manual/.
>
> How long did that take, and with howmany people? :)
It took 4 months. Two of our employees worked for that plus several
people did som
> I am trying to understand why GetSnapshotData() needs to acquire the
> SInval spinlock before it calls ReadNewTransactionId, rather than after.
> I see that you made it do so --- in the commit at
>
http://www.ca.postgresql.org/cgi/cvsweb.cgi/pgsql/src/backend/storage/ipc/sh
mem.c.diff?r1=1.41&r2
Also, can someone tell my why we use malloc in plpgsql?
> In this bit of code in src/pl/plpgsql/src/gram.y in the current CVS
> sources, curname_def is defined as PLpgSQL_expr * but it is is
> allocated the space required for a PLpgSQL_var. This looks like a
> bug.
>
> Ian
>
>
Confirmed. I found a second problem in the file too, very similar.
Patch applied.
> In this bit of code in src/pl/plpgsql/src/gram.y in the current CVS
> sources, curname_def is defined as PLpgSQL_expr * but it is is
> allocated the space required for a PLpgSQL_var. This looks like a
> bug.
>
In this bit of code in src/pl/plpgsql/src/gram.y in the current CVS
sources, curname_def is defined as PLpgSQL_expr * but it is is
allocated the space required for a PLpgSQL_var. This looks like a
bug.
Ian
| decl_varname K_CURSOR decl_cursor_args decl_is_from
K_
On Wed, Jul 11, 2001 at 12:26:43PM -0400, Tom Lane wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Tom Lane writes:
> >> Right. Okay, it seems like just making it a hand-configurable entry
> >> in config.h.in is good enough for now. When and if we find that
> >> that's inadequate in a
We increased shared memory in the linux kernel, which decreased the vacuumdb
time from 40 minutes to 14 minutes on a 450 mhz processor. We calculate that
on our dual 1ghz box with ghz ethernet san connection this will go down to
under 5 minutes. This is acceptable to us. Sorry about the unn
Good point. Would the issue be resolved by either:
- Only allowing the database superuser to use this mechanism?
- Allowing it only in trigger functions? (That way a user has to actually own
one of the tables)
Mark
Peter Eisentraut wrote:
>
> Bruce Momjian writes:
>
> > > Peter might be refer
Bruce Momjian writes:
> > Peter might be referring to this:
> >
> > http://fts.postgresql.org/db/mw/msg.html?mid=1022775
> >
> > There was some discussion afterward, but I don't think a definite conclusion
> > was reached.
>
> But I see Tom Lane saying he doesn't see a security issue:
>
> h
On Wed, Jul 11, 2001 at 01:24:53PM +1000, Michael Samuel wrote:
> The crypt authentication currently used offers _no_ security. ...
> Of course, SSL *if done correctly with certificate verification* is the
> correct fix. If no certificate verification is done, you fall victim to
> a man-in-the-mi
> I must say, I am having more trouble keeping up with the email traffic.
> It is taking days just to catch up to current emails because some of the
> emails need special attention. I am going as fast as I can. I think I
> have one more week of emails to go through before I am current.
> Hopef
Hi Vadim,
I am trying to understand why GetSnapshotData() needs to acquire the
SInval spinlock before it calls ReadNewTransactionId, rather than after.
I see that you made it do so --- in the commit at
http://www.ca.postgresql.org/cgi/cvsweb.cgi/pgsql/src/backend/storage/ipc/shmem.c.diff?r1=1.41&
I must say, I am having more trouble keeping up with the email traffic.
It is taking days just to catch up to current emails because some of the
emails need special attention. I am going as fast as I can. I think I
have one more week of emails to go through before I am current.
Hopefully today
gabriel writes:
> Is there a way to config the postmaster
> to log in a file all connections and querys to each database?
http://www.de.postgresql.org/users-lounge/docs/7.1/postgres/runtime-config.html#LOGGING
--
Peter Eisentraut [EMAIL PROTECTED] http://funkturm.homeip.net/~peter
--
Has it ever been considered to (optionally) use the iconv interface for
character set conversion instead of rolling our own? It seems to be a lot
more flexible, has pluggable conversion modules (depending on the
implementation), supports more character sets. It seems to be available
on quite a f
> Actually the problem is worse than I thought. Not only do all the
> get/setXXXStream methods assume the datatype is a BLOB, but also the
> get/setBytes methods. This means that it isn't possible to support
> bytea as the binary datatype without also breaking some backward
> compatability.
Tom Lane writes:
> The other concern I had could be addressed by making the listen
> parameter be MIN(MaxBackends, PG_SOMAXCONN) where PG_SOMAXCONN
> is set in config.h --- but now we could make the default value
> really large, say 1. The only reason to change it would be
> if you had a ker
hello all.
Is there a way to config the postmaster
to log in a file all connections and querys to each database?
thanks...
---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmai
> At 05:56 PM 22-06-2001 -0400, Bruce Momjian wrote:
> >> Bruce Momjian <[EMAIL PROTECTED]> writes:
> >> Since 64 is already too much to let 7.1 fit in SHMMAX = 1MB, I think
> >> the original rationale for using 64 is looking pretty broken anyway.
> >> Comments?
> >
> >BSD/OS has a 4MB max but we
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Don't we have maxbackends configurable at runtime.
>
> Not after postmaster start, so passing it to the initial listen()
> shouldn't be a problem.
>
> The other concern I had could be addressed by making the listen
> parameter be MIN(MaxBackends, P
> That is not true. The internet happily allows for active attacks. In
> fact, active attacks are easier on the internet than passive ones.
>
> My concern is, that by having something that we proclaim to be secure, we
> need for it to really be secure.
>
> An HMAC would be a better alternative
Bruce Momjian <[EMAIL PROTECTED]> writes:
> Don't we have maxbackends configurable at runtime.
Not after postmaster start, so passing it to the initial listen()
shouldn't be a problem.
The other concern I had could be addressed by making the listen
parameter be MIN(MaxBackends, PG_SOMAXCONN) whe
> Also, I think we should add to the client API the ability to only accept
> certain authentication schemes, to avoid active attacks tricking your
> software from sending the HMAC password in cleartext.
This is an interesting point. We have kept 'password' authentication
around for secondary pas
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Tom Lane writes:
> >> Right. Okay, it seems like just making it a hand-configurable entry
> >> in config.h.in is good enough for now. When and if we find that
> >> that's inadequate in a real-world situation, we can improve on it...
>
> > Would
Peter Eisentraut <[EMAIL PROTECTED]> writes:
> Tom Lane writes:
>> Right. Okay, it seems like just making it a hand-configurable entry
>> in config.h.in is good enough for now. When and if we find that
>> that's inadequate in a real-world situation, we can improve on it...
> Would anything comp
Ross J. Reedstrom wrote:
> On Wed, Jul 11, 2001 at 09:56:27AM -0400, Jan Wieck wrote:
> > Rachit Siamwalla wrote:
> > >
> > > Is there any good reason to use VARCHAR over TEXT for a string field? ie.
> > > performance hits, etc.
> > >
> > > Other than running into the row size limit problem, are t
Tom Lane writes:
> Right. Okay, it seems like just making it a hand-configurable entry
> in config.h.in is good enough for now. When and if we find that
> that's inadequate in a real-world situation, we can improve on it...
Would anything computed from the maximum number of allowed connections
Quick rundown of our configuration:
Red Hat 7.1 (no changes or extras added by us)
Postgresql 7.1.2 and CVS HEAD from 07/10/2001
3.8 gb database size
I included two pgsql versions because this happens on both.
Here's the problem we're having:
We run a vacuumdb from the server on the entire dat
Ian Lance Taylor <[EMAIL PROTECTED]> writes:
> But I wouldn't worry about it, and I wouldn't worry about Nathan's
> suggestion for making the limit configurable, because Postgres
> connections don't spend time on the queue. The postgres server will
> be picking them off as fast as it can. If the
Mike Mascari writes:
> MESSAGE ON INDEX i_employees IS
> 'An employee with a matching Social Security number already exists';
>
> Then, when the UNIQUE constraint of the index is violated, instead of
> the message:
>
> 'Cannot insert a duplicate key into a unique index i_test1'
>
> the client app
Still can't index those large toasted items -- not that I want to.
One interesting aspect is versioning of text documents where you want
them to be UNIQUE in regards to book development otherwise you have
the same document with 2 or more entries (more than a single version
number). Poor example;
On Wed, Jul 11, 2001 at 09:56:27AM -0400, Jan Wieck wrote:
> Rachit Siamwalla wrote:
> >
> > Is there any good reason to use VARCHAR over TEXT for a string field? ie.
> > performance hits, etc.
> >
> > Other than running into the row size limit problem, are there any large
> > storage / performanc
Timothy H. Keitt writes:
> Anyone maintaining generic autoconf scripts for linking against libpq,
> i.e., returns path to libpq-fe.h and proper link options?
pg_config since 7.1
--
Peter Eisentraut [EMAIL PROTECTED] http://funkturm.homeip.net/~peter
---(end of bro
Rachit Siamwalla wrote:
>
> Is there any good reason to use VARCHAR over TEXT for a string field? ie.
> performance hits, etc.
>
> Other than running into the row size limit problem, are there any large
> storage / performance penalties of using TEXT for virtually all strings?
Er - what kin
Avoid doing this with indexes on the table, though. I learned the hard way!
Mark
mlw wrote:
>
> Naomi Walker wrote:
> >
> > Does postgresql have any sort of fast bulk loader?
>
> It has a very cool SQL extension called COPY. Super fast.
>
> Command: COPY
> Description: Copies data between
Zeugswetter Andreas SB wrote:
>
> On the other hand, what hinders you from using a "speaking" name for the
> constraint ?
>
> postgres=# create table aa (id int, constraint "for Social Security number" unique
>(id));
> NOTICE: CREATE TABLE/UNIQUE will create implicit index 'for Social Security
> Then, when the UNIQUE constraint of the index is violated, instead of
> the message:
>
> 'Cannot insert a duplicate key into a unique index i_test1'
>
> the client application would receive:
>
> 'An employee with a matching Social Security number already exists'
I would only allow this text
David Bennett wrote:
> Alex,
>
> I think I fully understand your position. Let me put wrap up our
> conversation so far.
> [lots of arguments for recurringchar]
All I've seen up to now is that you continue to mix up
simplification on the user side with data and content control
"Ross J. Reedstrom" wrote:
>
> Hmm, I've pulled the appropriate file from CVS, now. Seems that v102
> has most the indices, so Stephan's request of example queries is the only
> way we're going to be able to help.
>
> Hmm, on third look, I've grovelled through the PHP for ACID 0.9.6b11
> (since
Hello.
I was just curious if you guys would accept a feature which would allow
for the generation of non-standard messages for the violation of index,
check, and referential integrity constraints. I understand that Peter
E's proposal regarding error messages would allow clients to determine
in gr
On Tue, Jul 10, 2001 at 11:32:00PM -0400, Bruce Momjian wrote:
> > On Tue, Jun 26, 2001 at 11:02:15AM -0400, Bruce Momjian wrote:
> > > This is the first time I am hearing people are more concerned about
> > > pg_shadow security than the wire security. I can see cases where people
> > > are on se
48 matches
Mail list logo
