[HACKERS] Time zone database

2011-03-03 Thread Andrew Sullivan
it in passing and remember some of the annoyances that happened in the past. Also, if you want me to see what you have to say, send your mail directly to me or cc: me. I can't really keep up with the volume on this list, and I'm likely to miss it if it's only here. Best, A -- Andrew Sullivan

Re: [HACKERS] Time zone database

2011-03-03 Thread Andrew Sullivan
. (The IETF is not a speedy way to get anything done.) I think that's the biggest reservation I've heard expressed. Anyway, as long as nobody's worried, I can stand mute :) Thanks for the reply. A -- Andrew Sullivan a...@crankycanuck.ca -- Sent via pgsql-hackers mailing list (pgsql-hackers

Re: [HACKERS] 8.4 release planning

2009-01-28 Thread Andrew Sullivan
. That could be why some of us react to the proposal with perplexed looks. A -- Andrew Sullivan a...@crankycanuck.ca -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] How to get SE-PostgreSQL acceptable

2009-01-28 Thread Andrew Sullivan
you'll need to make the case that the trade-off is a good one. A

Re: [HACKERS] 8.4 release planning

2009-01-27 Thread Andrew Sullivan
. A

Re: [HACKERS] Pluggable Indexes

2009-01-21 Thread Andrew Sullivan
in principle and bad idea in this case. If you're arguing the former, clarifying why the analogies aren't relevant would be helpful. A

Re: [HACKERS] Well done, Hackers

2008-11-01 Thread Andrew Sullivan
there will be things to learn from the 1.0 attempt. A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/

Re: [HACKERS] PostgreSQL + Replicator developer meeting 10/28

2008-10-29 Thread Andrew Sullivan
the case with any product I've ever built, but it is a design I have seen deployed. That design was supposed to be on top of Oracle. There were well over 50 slaves. I don't really believe they had that many Oracle-using slaves, though. A

Re: [HACKERS] psql Feature request \set query

2008-10-23 Thread Andrew Sullivan
On Wed, Oct 22, 2008 at 04:14:11PM -0700, Joshua Drake wrote: True enough, but a car doesn't roll without at least four wheels. I'm not sure I agree: http://en.wikipedia.org/wiki/Image:1885Benz.jpg (Sorry, I couldn't resist.)

Re: [HACKERS] Unicode escapes in literals

2008-10-23 Thread Andrew Sullivan
hexadecimal units, but + is problematic for other reasons (in some vendor's implementation)? A

Re: [HACKERS] SSL cleanups/hostname verification

2008-10-21 Thread Andrew Sullivan
as not to conflate it with the Netscape-defined SSL. But this is maybe straying into a different topic.]

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-10-10 Thread Andrew Sullivan
are not even interesting from another. This is why I think a fairly complete analysis is needed (and why I think it hasn't been done yet). A

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-10-10 Thread Andrew Sullivan
On Fri, Oct 10, 2008 at 01:44:49PM +0900, KaiGai Kohei wrote: Andrew Sullivan wrote: I want to focus on this description, because you appear to be limiting the problem scope tremendously here. We've moved from general security policy for database system to security policy for database system

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-10-09 Thread Andrew Sullivan
really needed. A

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-10-09 Thread Andrew Sullivan
the proposals aim to do. I suggest that, without some clear statements of what things are trying to do, and what the intended limitations are, it will always be impossible for anyone to review the implementation of such a big feature and say whether it does what it intends to do. A

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-09-26 Thread Andrew Sullivan
nevertheless think that without it, the SE-PostgreSQL features will continue to be a very awkward fit. A

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-09-26 Thread Andrew Sullivan
it where we can find it? I have a couple contacts in the security world who might be able to help with references. I'm asking them now. A

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-09-26 Thread Andrew Sullivan
this is helpful, A

Re: [HACKERS] Updates of SE-PostgreSQL 8.4devel patches

2008-09-26 Thread Andrew Sullivan
. A

Re: [HACKERS] Do we really need a 7.4.22 release now?

2008-09-18 Thread Andrew Sullivan
On Thu, Sep 18, 2008 at 03:25:10PM -, Greg Sabino Mullane wrote: Frankly, the whole pg_dump mess is what keeps many people on older versions, sometimes including 7.4. This isn't my experience. The reasons people stay on older releases are manifold. A

Re: [HACKERS] [PATCH] Cleanup of GUC units code

2008-09-04 Thread Andrew Sullivan
can't we parse all the file, separating each label by _. Then if any arrangements of those labels matches a real configuration parameter, select that one as the thing to match and proceed from there? A

Re: [HACKERS] [PATCH] Cleanup of GUC units code

2008-09-04 Thread Andrew Sullivan
had a devastating government in Ontario some years ago that claimed to be doing things that were just common sense; the Province is still cleaning up the mess.) A

Re: [HACKERS] [PATCH] Cleanup of GUC units code

2008-09-03 Thread Andrew Sullivan
, given the orders of magnitude difference. A

Re: [HACKERS] [PATCH] Cleanup of GUC units code

2008-09-03 Thread Andrew Sullivan
On Wed, Sep 03, 2008 at 01:48:18PM -0400, Alvaro Herrera wrote: I think the energy wasted in this discussion would be better spent in working a the check-the-config-file feature. That would equally solve this problem, as well as many others. This seems like a good idea to me. A

Re: [HACKERS] Patch: plan invalidation vs stored procedures

2008-08-20 Thread Andrew Sullivan
because one is impatient is not on. A

Re: [HACKERS] Patch: plan invalidation vs stored procedures

2008-08-20 Thread Andrew Sullivan
On Wed, Aug 20, 2008 at 05:03:19PM +0300, Asko Oja wrote: Lets get on with 8.4 Oh, I shoulda mentioned that, too -- I completely support doing this work for 8.4. (I can think of more than one case where this feature alone would be worth the upgrade.) A

Re: [HACKERS] Patch: plan invalidation vs stored procedures

2008-08-19 Thread Andrew Sullivan
to back-patch. A

Re: [HACKERS] Patch: plan invalidation vs stored procedures

2008-08-19 Thread Andrew Sullivan
or unusual as to make the risk greater than the reward. A formal policy that's any more detailed than what's in the FAQ today is a solution in search of a problem. A

Re: [HACKERS] Should creating a new base type require superuser status?

2008-07-31 Thread Andrew Sullivan
On Wed, Jul 30, 2008 at 06:07:53PM -0400, Alvaro Herrera wrote: I do agree that creating base types should require a superuser though. It too seems dangerous just on principle, even if today there's no actual hole (that we already know of). I agree.

Re: [HACKERS] [patch] plproxy v2

2008-07-22 Thread Andrew Sullivan
. I'm less worried about the PR, and more worried about the truck-sized hole this opens in any authentication controls. It seems to me that it's a fairly serious problem. A

Re: [HACKERS] Load spikes on 8.1.11

2008-07-21 Thread Andrew Sullivan
heavy-duty locks when it does its setup work. It's designed that you should have an application outage for this sort of work. Please see previous discussion on the Slony mailing list. A

Re: [HACKERS] Do we really want to migrate plproxy and citext into PG core distribution?

2008-07-21 Thread Andrew Sullivan
to that is not an infinitely large source tarball? A

Re: [HACKERS] Load spikes on 8.1.11

2008-07-21 Thread Andrew Sullivan
still have to talk to all those connections when doing schema changes. A

Re: [HACKERS] Load spikes on 8.1.11

2008-07-18 Thread Andrew Sullivan
. Slony, frankly, sucks for this use case. The manual says as much, although in more orotund phrases than that. A

Re: [HACKERS] Load spikes on 8.1.11

2008-07-17 Thread Andrew Sullivan
problems. This will for sure cause spikes. You need to tell us more about what you're doing. And I bet some of it belongs on the slony lists. A

Re: [HACKERS] A new take on the foot-gun meme

2008-06-30 Thread Andrew Sullivan
will complain we are interfering with their right to bare feet. Or something. (Apologies, everyone. I guess I better go have more coffee.) A

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Andrew Sullivan
On Sun, Jun 15, 2008 at 11:53:57PM +0200, Peter Eisentraut wrote: Isn't that what a local DNS caching-only server would accomplish? Only if you looked up the DNS name at auth time :) A

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Andrew Sullivan
in hearing the verdict. A [1] http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-reverse-mapping-considerations/

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Andrew Sullivan
that for any real world wide-scale uses, you want to use some sort of strong authentication. A

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Andrew Sullivan
. A

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Andrew Sullivan
. I think we'd be fools to encourage such trust. If you don't look up at _least_ at connection time, this feature should be rejected on the grounds that it opens a new authentication hole a mile wide. A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-06-04 Thread Andrew Sullivan
whoever was operating that list moved it to pgfoundry, I doubt it (except on backups somewhere). A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-06-03 Thread Andrew Sullivan
On Sun, Jun 01, 2008 at 01:43:22PM -0400, Tom Lane wrote: power to him. (Is the replica-hooks-discuss list still working?) But Yes. And silent as ever. :-) A

Re: [HACKERS] Case-Insensitve Text Comparison

2008-06-02 Thread Andrew Sullivan
On Sun, Jun 01, 2008 at 10:13:07PM -0700, David E. Wheeler wrote: What locale is right? If I have a Web app, there could be data in many different languages in a single table/column. I think the above amounts to a need for per-session locale settings or something, no? A

Re: [HACKERS] Table rewrites vs. pending AFTER triggers

2008-06-02 Thread Andrew Sullivan
work on every node. A

Re: [HACKERS] Case-Insensitve Text Comparison

2008-06-02 Thread Andrew Sullivan
a little more like in-database locale or something. I think if you want some special treatment of text for some users, it should be explicit. Yes. Also, not just text. Think of currency, numeric separators, &c. A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-05-30 Thread Andrew Sullivan
to be developed responsibly without making everything else wait for it. A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-05-29 Thread Andrew Sullivan
On Thu, May 29, 2008 at 12:11:21PM -0400, Brian Hurt wrote: Being able to do read-only queries makes this feature more valuable in more situations, but I disagree that it's a deal-breaker. Your managers are apparently more enlightened than some. ;-) A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-05-29 Thread Andrew Sullivan
. (As I've told more than one person looking at it, there is a risk that you'll actually make your installation complicated enough that you'll make it _less_ reliable. I have some bitter personal experiences with this effect, and I know some others on this list do as well.) A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-05-29 Thread Andrew Sullivan
to say that I think an API is impossible or undesirable. It is to say that the last few times we tried, it went nowhere; and that I don't think the circumstances have changed. A

Re: [HACKERS] replication hooks

2008-05-29 Thread Andrew Sullivan
that. Another thing I like about the current proposal is that it is very clear about what it is (and isn't) aiming for. A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-05-29 Thread Andrew Sullivan
(maybe even more, and simple ones, soon). The synchronous-needing crowd currently have nothing. The proposed feature would be a huge improvement. A

Re: [HACKERS] Core team statement on replication in PostgreSQL

2008-05-29 Thread Andrew Sullivan
to set up. Other systems hide that work. Given that (for instance) psql is really very easy to use once you know a few things, the ongoing pain of simple replication in Postgres is a big wart. A

Re: [HACKERS] Setting a pre-existing index as a primary key

2008-05-10 Thread Andrew Sullivan
to make it look like other default primary keys, I have no objection. A

Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches

2008-05-07 Thread Andrew Sullivan
that the current proof-of-concept work is what will be needed to address the design goals. I do think that somewhat clearer scope definitions would be a big help in deciding which modifications are really needed, and where. A

Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches

2008-05-06 Thread Andrew Sullivan
of Postgres (i.e. not an enhancement but a reconception) or else as being implementable with another approach. A

Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches

2008-05-06 Thread Andrew Sullivan
functionality (so if you can't hide the existence of a table, but all efforts to learn its contents don't work, I might be willing to support that trade-off). A

Re: [HACKERS] Odd timezone backend output

2008-05-02 Thread Andrew Sullivan
), the same thing happens. A

Re: [HACKERS] Odd timezone backend output

2008-05-02 Thread Andrew Sullivan
). Positive values are east from UTC. INTERVAL '-08:00' HOUR TO MINUTE The time zone 8 hours west from UTC (equivalent to PST). A

Re: [HACKERS] Protection from SQL injection

2008-05-02 Thread Andrew Sullivan
On Fri, May 02, 2008 at 03:58:01PM -0400, Chris Browne wrote: Andrew Sullivan recently had some choice words about the merits of ENUM; I think the same applies to drivers that do PQexec(COMMIT;BEGIN)... Oh, heaven. I can at least think of ways to use ENUM such that you can justify the trade

Re: [HACKERS] Protection from SQL injection

2008-05-01 Thread Andrew Sullivan
to make it require a server restart to make it really effective), I think it could be useful. A

Re: [HACKERS] Odd timezone backend output

2008-05-01 Thread Andrew Sullivan
1997 EST January is in Standard time in Eastern zones. Note that you asked for 1997-01-29 12:31:42.92214 EDT, and got back what time that would be _for your actual timezone_. Same thing for the Pacific case. A

Re: [HACKERS] Protection from SQL injection

2008-05-01 Thread Andrew Sullivan
more elegant way of putting what I thought. Thanks, Tom. A

Re: [HACKERS] Protection from SQL injection

2008-05-01 Thread Andrew Sullivan
that is effective for only one class of attacks is a bad idea. Making the battlefield smaller is one thing one can do to decrease one's exposure to attack. A

Re: [HACKERS] Protection from SQL injection

2008-04-30 Thread Andrew Sullivan
of insisting on PQExecParams() instead of anything else? A

Re: [HACKERS] Protection from SQL injection

2008-04-29 Thread Andrew Sullivan
to covering most SQL injection cases, it's a bad idea. A

Re: [HACKERS] Protection from SQL injection

2008-04-29 Thread Andrew Sullivan
[I know, I know, bad form] On Tue, Apr 29, 2008 at 04:55:21PM -0400, Andrew Sullivan wrote: thinking they have to worry about that area of security at all. I think without a convincing argument that the proposal will even come close to covering most SQL injection cases, it's a bad idea

Re: [HACKERS] we don't have a bugzilla

2008-04-28 Thread Andrew Sullivan
, and that virtually every list server software shipping since about 2000 has it built in and turned on by default, I fail completely to see how using something as free-form as a signature footer is supposed to be an improvement. A

Re: [HACKERS] we don't have a bugzilla

2008-04-26 Thread Andrew Sullivan
us how such headers are supposed to work? A

Re: [HACKERS] Commit fest queue

2008-04-11 Thread Andrew Sullivan
On Fri, Apr 11, 2008 at 06:46:18PM +0100, Gregory Stark wrote: As an aside, you've reminded me about another thing that bothers me about Bugzilla and RT. In both cases they seem to put a lot of focus around the idea of searching bugs. I don't really get why. To be fair to RT, it's really

Re: [HACKERS] [GENERAL] SHA1 on postgres 8.3

2008-04-02 Thread Andrew Sullivan
On Wed, Apr 02, 2008 at 05:09:14PM -0400, Andrew Dunstan wrote: Standard Modules. Maybe we could rename the directory modules. IIRC This seems like an easy and practical answer. A

Re: [HACKERS] [pgsql-www] New email list for emergency communications

2008-03-25 Thread Andrew Sullivan
On Mon, Mar 24, 2008 at 06:39:25PM -0400, Andrew Dunstan wrote: perusing a mailbox again. We have unfortunately been badly underprepared for this. Surely that there is an emerging consensus to that effect means that it's not as unfortunate as it might be? I seem to recall the original

Re: [HACKERS] UUID data format 4x-4x-4x-4x-4x-4x-4x-4x

2008-02-28 Thread Andrew Sullivan
On Thu, Feb 28, 2008 at 08:58:01AM -0800, Josh Berkus wrote: Well, I guess the question is: if we don't offer some builtin way to render non-standard formats built into company products, will those companies fix their format or just not use PostgreSQL? Well, there is an advantage that

Re: [HACKERS] Including PL/PgSQL by default

2008-02-21 Thread Andrew Sullivan
On Thu, Feb 21, 2008 at 10:43:27AM -0800, Joshua D. Drake wrote: often. It is poor implementation and proof that the theoretical security implications that are being brought up in this thread are far from the practical reality. We have this hole over here for historical reasons, so let's

Re: [HACKERS] Including PL/PgSQL by default

2008-02-20 Thread Andrew Sullivan
On Tue, Feb 19, 2008 at 08:37:51PM -0500, Andrew Dunstan wrote: The way I intended to do it would indeed allow it to be undone simply by executing 'drop language plpgsql' in template1. Why isn't it enough that administrators can do CREATE LANGUAGE plpgsql in template1? I think this is

Re: [HACKERS] VACUUM FULL out of memory

2008-01-08 Thread Andrew Sullivan
, and confess it's one of the many reasons I think AIX should be pronounced as one word, rather than three letters.) Andrew Sullivan wrote: Something is using up the memory on the machine, or (I'll bet this is more likely) your user (postgres? Whatever's running the postmaster) has a ulimit

Re: [HACKERS] VACUUM FULL out of memory

2008-01-08 Thread Andrew Sullivan
On Tue, Jan 08, 2008 at 05:27:16PM +0100, Michael Akinde wrote: Those are the ulimits of the db_admin account (i.e., the user that set up and runs the DB processes). Is Postgres limited by other settings? Are you sure? On one system I used many years ago, /bin/sh wasn't what I thought it

Re: [HACKERS] Dynamic Partitioning using Segment Visibility Maps

2008-01-08 Thread Andrew Sullivan
On Tue, Jan 08, 2008 at 01:08:52AM +0100, Markus Schiltknecht wrote: Uh, which key are you talking about? AFAIU Simon's proposal, he suggests maintaining min/max values for all columns of the table. Right, but I think that's just because that approach is automatable. Only some use cases are

Re: [HACKERS] Dynamic Partitioning using Segment Visibility Maps

2008-01-08 Thread Andrew Sullivan
On Tue, Jan 08, 2008 at 02:12:28AM +, Gregory Stark wrote: Yes: it doesn't solve the problem I have, which is that I don't want to have to manage a whole bunch of tables. I want one table, and I want to be able to say, That section is closed. That's not your problem, that's the

Re: [HACKERS] VACUUM FULL out of memory

2008-01-08 Thread Andrew Sullivan
On Tue, Jan 08, 2008 at 05:53:28PM +, Sam Mason wrote: What about a stored procedure in a language that allows you to do system(3) calls? PL/bash? (I think there is something like this). But surely the ulimit before start is much easier! A

Re: [HACKERS] Dynamic Partitioning using Segment Visibility Maps

2008-01-07 Thread Andrew Sullivan
On Sat, Jan 05, 2008 at 08:02:41PM +0100, Markus Schiltknecht wrote: Well, management of relations is easy enough, known to the DBA and most importantly: it already exists. Having to set up something which is *not* tied to a relation complicates things just because it's an additional

Re: [HACKERS] VACUUM FULL out of memory

2008-01-07 Thread Andrew Sullivan
On Mon, Jan 07, 2008 at 10:40:23AM +0100, Michael Akinde wrote: As suggested, I tested a VACUUM FULL ANALYZE with 128MB shared_buffers and 512 MB reserved for maintenance_work_mem (on a 32 bit machine with 4 GB RAM). That ought to leave more than enough space for other processes in the

Re: [HACKERS] Dynamic Partitioning using Segment Visibility Maps

2008-01-07 Thread Andrew Sullivan
On Mon, Jan 07, 2008 at 07:16:35PM +0100, Markus Schiltknecht wrote: Does anything speak against letting the DBA handle partitions as relations? Yes: it doesn't solve the problem I have, which is that I don't want to have to manage a whole bunch of tables. I want one table, and I want to be

Re: [HACKERS] Dynamic Partitioning using Segment Visibility Maps

2008-01-04 Thread Andrew Sullivan
On Fri, Jan 04, 2008 at 01:29:55PM +0100, Markus Schiltknecht wrote: Agreed. Just a minor note: I find marked read-only too strong, as it implies an impossibility to write. I propose speaking about mostly-read segments, or optimized for reading or similar. I do want some segments to be

Re: [HACKERS] Index performance

2008-01-04 Thread Andrew Sullivan
On Thu, Jan 03, 2008 at 07:11:07AM +0200, Brian Modra wrote: Thanks, I think you have me on the right track. I'm testing a vacuum analyse now to see how long it takes, and then I'll set it up to automatically run every night (so that it has a chance to complete before about 6am.) Note that

Re: [HACKERS] SSL over Unix-domain sockets

2008-01-04 Thread Andrew Sullivan
On Fri, Jan 04, 2008 at 02:37:03PM -0500, Bruce Momjian wrote: The problem with adding SSL to local sockets is this slippery slope where we only do part of the job, but it isn't clear where to draw the line. I don't think part of the job for a patch is a slippery slope. It's what you do with

Re: [HACKERS] Dynamic Partitioning using Segment Visibility Maps

2008-01-04 Thread Andrew Sullivan
On Fri, Jan 04, 2008 at 10:26:54PM +0100, Markus Schiltknecht wrote: I'm still puzzled about how a DBA is expected to figure out which segments to mark. I think that part might be hand-wavy still. But once this facility is there, what's to prevent the current active segment (and the rest)

Re: [HACKERS] Slow count(*)

2008-01-02 Thread Andrew Sullivan
On Wed, Jan 02, 2008 at 09:29:24AM -0600, Abraham, Danny wrote: We are looking for a patch that will help us count using the indexes. Is this for SELECT count(*) FROM table; or SELECT count(1) FROM table WHERE. . . The latter _will_ use an index, if the

Re: [HACKERS] Index performance

2008-01-02 Thread Andrew Sullivan
On Wed, Jan 02, 2008 at 05:53:35PM +0200, Brian Modra wrote: This table is added to in real time, at least 10 rows per second. [. . .] If I do a select which uses the pkey index, where equal to the ID column, and greater than one of the values, which should return about 1500 rows, it

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Andrew Sullivan
On Sat, Dec 29, 2007 at 02:09:23AM +1100, Naz Gassiep wrote: In the web world, it is the client's responsibility to ensure that they check the SSL cert and don't do their banking at www.bankofamerica.hax0r.ru and there is nothing that the real banking site can do to stop them using their

Re: [HACKERS] Spoofing as the postmaster

2007-12-28 Thread Andrew Sullivan
On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote: I don't follow. What are banks doing on the web now to force clients to authenticate them, and how is it any different from the model of training users to check the SSL certificate? Some banks (mostly Swiss and German, from what

Re: [HACKERS] Spoofing as the postmaster

2007-12-27 Thread Andrew Sullivan
On Mon, Dec 24, 2007 at 12:04:16AM +0100, Tomasz Ostrowski wrote: Not at all, as it won't run as root, it'll just start as root and then give up all root privileges. The only thing it would have after being root is just an open socket. If you think that is complete protection against

Re: [HACKERS] Spoofing as the postmaster

2007-12-27 Thread Andrew Sullivan
On Sun, Dec 23, 2007 at 09:52:14PM +0100, Magnus Hagander wrote: My point is that all these other server products have the exact same issue. And that they deal with it the exact same way we do - pretty much leave it up to the guy who configures the server to realize that's just how things work.

Re: [HACKERS] Spoofing as the postmaster

2007-12-27 Thread Andrew Sullivan
On Sun, Dec 23, 2007 at 01:45:14AM -0500, Tom Lane wrote: The primary reason things work like that is that there are boatloads of machines that are marginally misconfigured. For instance, userland thinks there is IPv6 support when the kernel thinks not (or vice versa). Not only marginally

Re: [HACKERS] function body actors (was: [PERFORM] viewing source code)

2007-12-21 Thread Andrew Sullivan
On Fri, Dec 21, 2007 at 12:09:28AM -0500, Merlin Moncure wrote: Maybe a key management solution isn't required. If, instead of strictly wrapping a language with an encryption layer, we provide hooks (actors) that have the ability to operate on the function body when it arrives and leaves

Re: [HACKERS] function body actors (was: [PERFORM] viewing source code)

2007-12-21 Thread Andrew Sullivan
On Fri, Dec 21, 2007 at 12:40:05AM -0500, Tom Lane wrote: whether there is a useful policy for it to implement. Andrew Sullivan argued upthread that we cannot get anywhere with both keys and encrypted function bodies stored in the same database (I hope that's an adequate summary of his point

Re: [HACKERS] function body actors (was: [PERFORM] viewing source code)

2007-12-21 Thread Andrew Sullivan
On Fri, Dec 21, 2007 at 01:57:44PM -0500, Tom Lane wrote: Merlin Moncure [EMAIL PROTECTED] writes: ISTM the main issue is how exactly the authenticated user interacts with the actor to give it the information it needs to get the real key. This is significant because we don't want to be

Re: [HACKERS] function body actors (was: [PERFORM] viewing source code)

2007-12-21 Thread Andrew Sullivan
On Fri, Dec 21, 2007 at 04:19:51PM -0500, Tom Lane wrote: 2. Protect the content of a field from _some_ users on a given system, I would argue that (2) is reasonably well served today by setting up separate databases for separate users. I thought actually this was one of the use-cases we

Re: [HACKERS] Testing mail list

2007-12-19 Thread Andrew Sullivan
On Wed, Dec 19, 2007 at 11:15:37AM -0500, Tom Lane wrote: hoping to draw responses from careless people? I've heard of web comment-spammers who try to get other people to decode captchas for them this way. Yes. This is the latest spammer trick. They get people all over the globe to decode

Re: [HACKERS] Negative LIMIT and OFFSET?

2007-12-16 Thread Andrew Sullivan
On Fri, Dec 14, 2007 at 06:42:24PM -0500, Tom Lane wrote: How do people feel about applying this to 8.3, rather than holding it? To me, this is a feature change, and therefore should be held. A
