Re: [HACKERS] [GENERAL] LDAP service lookup

2007-08-28 Thread Albe Laurenz
Dawid Kuroczko wrote: [...] and it also would be valuable to add into pg_service.conf.sample an example ldap:// stanza, so if person opens the file, she will be enlightened. I like that idea. And a missing feature. Or rather treat it as feature request. :-) A wildcard entry. I would like

Re: [HACKERS] Insufficient attention to security in contrib (mostly)

2007-08-28 Thread Heikki Linnakangas
Tom Lane wrote: btreefuncs.c is a security hole a mile wide: it will happily dump the entire data content of an index for you. It's a good thing this hasn't shipped in any release yet. While we could possibly make it look up the index's parent table and check if you have SELECT privilege on

[HACKERS] Diffondete......

2007-08-28 Thread Enrico
E troppo bello!!! http://www.youtube.com/watch?v=VU-VsLpHC3wmode=relatedsearch= Buona giornata Enrico -- Enrico Pirozzi Web: http://www.enricopirozzi.info E-Mail: [EMAIL PROTECTED] Skype: sscotty71 ---(end of broadcast)--- TIP 2: Don't 'kill -9'

Re: [HACKERS] [GENERAL] Undetected corruption of table files

2007-08-28 Thread Albe Laurenz
Tom Lane wrote: Would it be an option to have a checksum somewhere in each data block that is verified upon read? That's been proposed before and rejected before. See the archives ... I think the prior discussions were around the same time WAL was initially put in, and/or when we

Re: [HACKERS] Diffondete......

2007-08-28 Thread Enrico
On Tue, 28 Aug 2007 10:15:41 +0200 Enrico [EMAIL PROTECTED] wrote: E troppo bello!!! I'm sorry , I apoligize. I select the wrong address. I'm sorry again. -- Enrico Pirozzi Web: http://www.enricopirozzi.info E-Mail: [EMAIL PROTECTED] Skype: sscotty71 ---(end of

Re: [HACKERS] Testing the other tsearch dictionaries

2007-08-28 Thread Heikki Linnakangas
Tom Lane wrote: I was a bit unhappy to realize just now that the patch Heikki sent in, and I reviewed and applied, actually broke dict_synonym. (Modifying a string tends to modify the result of strlen() ...) While we can't cover *everything* in the regression tests, it now seems like a bad

Re: [HACKERS] [GENERAL] One database vs. hundreds?

2007-08-28 Thread btober
(On the GENERAL list) Kamil Srot wrote: Kynn Jones wrote: I'm hoping to get some advice on a design question ... ...we use pgsql partitioning for other reasons and it has some of the features you want (data separation, query performance, ...). It can be worth reading:

Re: [HACKERS] Testing the other tsearch dictionaries

2007-08-28 Thread Tom Lane
Heikki Linnakangas [EMAIL PROTECTED] writes: Tom Lane wrote: The difficulty in testing these is that they require configuration files, which the regression tests really can't install. (If the configuration were all inside the database it wouldn't be such a problem, but that's a lost cause

Re: [HACKERS] [GENERAL] Undetected corruption of table files

2007-08-28 Thread Lincoln Yeoh
At 11:48 PM 8/27/2007, Trevor Talbot wrote: On 8/27/07, Jonah H. Harris [EMAIL PROTECTED] wrote: On 8/27/07, Tom Lane [EMAIL PROTECTED] wrote: that and the lack of evidence that they'd actually gain anything I find it somewhat ironic that PostgreSQL strives to be fairly non-corruptable,

Re: [HACKERS] Testing the other tsearch dictionaries

2007-08-28 Thread Andrew Dunstan
Tom Lane wrote: No, we have the ability to run a contrib module that's already been installed. pg_regress cannot assume it has write privileges on $SHAREDIR --- consider the make installcheck case. How big are these files? If small, is there a reason we can't

Re: [HACKERS] Insufficient attention to security in contrib (mostly)

2007-08-28 Thread Tom Lane
Josh Berkus [EMAIL PROTECTED] writes: Well, that puts us back in the position of requiring a read or metadata permission for tablespaces, or requiring superuser access. The latter is unpalatable because there are existing tools in the field which work without superuser access; the former

Re: [HACKERS] Insufficient attention to security in contrib (mostly)

2007-08-28 Thread Josh Berkus
Tom, ... in particular, that restriction seems pretty content-free for most practical layouts. And it's got interesting security behaviors: DBA A, by more-or-less innocently allowing some tables in his database B to be created in tablespace C, might be allowing his unrelated user D to find

Re: [HACKERS] FW: was [PERFORM] partitioned table and ORDER BY indexed_field DESC LIMIT 1

2007-08-28 Thread Bruce Momjian
This has been saved for the 8.4 release: http://momjian.postgresql.org/cgi-bin/pgpatches_hold --- Luke Lonergan wrote: Below is a patch against Greenplum Database that fixes the problem. - Luke --

Re: [HACKERS] Testing the other tsearch dictionaries

2007-08-28 Thread Heikki Linnakangas
Andrew Dunstan wrote: Tom Lane wrote: No, we have the ability to run a contrib module that's already been installed. pg_regress cannot assume it has write privileges on $SHAREDIR --- consider the make installcheck case. How big are these files? If small, is there a reason we can't

Re: [HACKERS] Insufficient attention to security in contrib (mostly)

2007-08-28 Thread Dave Page
Tom Lane wrote: * no restriction on database-size function *when applied to the current database* (again, you could look into pg_class); to apply to some other database, you must have connect privileges. (Actually, on the assumption that you must have connect privs to current DB, I guess we

[HACKERS] PickSplit method of 2 columns ... error

2007-08-28 Thread Kevin Neufeld
Has anyone come across this error before? LOG: PickSplit method of 2 columns of index 'asset_position_lines_asset_cubespacetime_idx' doesn't support secondary split This is a multi-column GiST index on an integer and a cube (a data type from the postgres cube extension module). I traced the

Re: [HACKERS] Insufficient attention to security in contrib (mostly)

2007-08-28 Thread Tom Lane
Dave Page [EMAIL PROTECTED] writes: Tom Lane wrote: * tablespace-size function requires being owner of current DB. I assume superusers will also be able to use it, not just the actual owner? Right --- it'd be an ownercheck call which means that superusers and anyone who's been granted

Re: [HACKERS] [COMMITTERS] pgsql: Fix brain fade in DefineIndex(): it was continuing to access the

2007-08-28 Thread Andrew Dunstan
Tom Lane wrote: Andrew Dunstan [EMAIL PROTECTED] writes: Tom Lane wrote: This particular issue could be implemented just by adding -DCLOBBER_CACHE_ALWAYS to CFLAGS (or CPPFLAGS if you want to be anal about it). I suppose that no new buildfarm mechanism is required --- someone just

Re: [HACKERS] MSVC build system

2007-08-28 Thread Magnus Hagander
Tom Lane wrote: Magnus Hagander [EMAIL PROTECTED] writes: Alvaro Herrera wrote: That, or we create the makefiles in a fixed system and keep the Makefiles in CVS (though would be derived files). IIRC, we previously looked into cmake and concluded it supported a lot fewer platforms than

Re: [HACKERS] Insufficient attention to security in contrib (mostly)

2007-08-28 Thread Tom Lane
We seem to be down to arguing about what permissions are needed to execute the tablespace-size functions. I wrote: * tablespace-size function requires being owner of current DB. There is nothing particularly principled about the last choice, but it's not superuser and not wide open either.

Re: [HACKERS] Insufficient attention to security in contrib (mostly)

2007-08-28 Thread Tom Lane
Heikki Linnakangas [EMAIL PROTECTED] writes: Tom Lane wrote: btreefuncs.c is a security hole a mile wide: it will happily dump the entire data content of an index for you. It's a good thing this hasn't shipped in any release yet. While we could possibly make it look up the index's parent

[HACKERS] Contrib modules documentation online

2007-08-28 Thread Albert Cervera i Areny
I've been working on converting the current README files for all contrib modules into sgml and add it to the documentation. There are still some fixes to do but i'd like to have some feedback. Indeed, it wasn't agreed to have all if any of the modules together with the core documentation. You

[HACKERS] reviving dead buildfarm animals

2007-08-28 Thread Tom Lane
I notice that five different buildfarm members are about to slide off the HEAD list for not having reported in within a month. Do we have any process for pestering their owners to revive them? If the hardware went south, or there was some other deliberate decision to retire them, that's fine ---