On Thu, 2008-07-31 at 09:39 +0100, Andrew Sullivan wrote:
On Wed, Jul 30, 2008 at 06:07:53PM -0400, Alvaro Herrera wrote:
I do agree that creating base types should require a superuser though.
It too seems dangerous just on principle, even if today there's no
actual hole (that we already know of).
I agree.
--
Andrew Sullivan
[EMAIL PROTECTED]
+1
On Wed, 30 Jul 2008, Alvaro Herrera wrote:
I think being able to return cstring from a user defined function is
quite dangerous already. I doubt we would ever give that capability to
non-superusers.
I do agree that creating base types should require a superuser though.
It too seems
Kris Jurka [EMAIL PROTECTED] writes:
On Wed, 30 Jul 2008, Alvaro Herrera wrote:
I do agree that creating base types should require a superuser though.
It too seems dangerous just on principle, even if today there's no
actual hole (that we already know of).
pl/java already allows
Currently, you're allowed to create a new base type if you own the I/O
functions for it. That effectively restricts the command to superusers
anyway, since there's presently no way for a non-superuser to create
a function that would have the required signature. However that's a
fairly indirect
Tom Lane [EMAIL PROTECTED] writes:
If you're not clear on why CREATE TYPE in the hands of a bad guy is
dangerous, here are a couple of reasons:
* By specifying type representation details (len/byval/align) that are
different from what the type's functions expect, you could trivially
crash
Gregory Stark [EMAIL PROTECTED] writes:
I know when I was first starting out it was a big source of frustration that
you have to get those arguments right. Until I figured out what they all
meant and how to use them I was constantly crashing the server.
It seems to me we should be able to do
Tom Lane [EMAIL PROTECTED] writes:
As a consequence we could perhaps aim to make creating new types safe rather
than just deal with the fact that it's not safe currently? It would be nice
if non-superusers could create types which used an existing set of input/output
functions but defined
Tom Lane wrote:
If you're not clear on why CREATE TYPE in the hands of a bad guy is
dangerous, here are a couple of reasons:
* By specifying type representation details (len/byval/align) that are
different from what the type's functions expect, you could trivially
crash the backend, and
Gregory Stark [EMAIL PROTECTED] writes:
Tom Lane [EMAIL PROTECTED] writes:
Unless you're going to allow them to create new C functions, I'm not
clear on how much they're going to be able to change the semantics.
Well there's plenty that can be done just using text or bytea as