Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution

2010-09-02 Thread Tom Lane
Peter Eisentraut pete...@gmx.net writes: On lör, 2010-08-21 at 15:30 -0400, Tom Lane wrote: The only thing that seems like it might need discussion is the name to give the datatype. My first instinct was pg_expr or pg_expression, but there are some cases where this doesn't exactly fit. In

Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution

2010-08-22 Thread Peter Eisentraut
On lör, 2010-08-21 at 15:30 -0400, Tom Lane wrote: The only thing that seems like it might need discussion is the name to give the datatype. My first instinct was pg_expr or pg_expression, but there are some cases where this doesn't exactly fit. In particular, pg_rewrite.ev_action contains

[HACKERS] Replacing the pg_get_expr security hack with a datatype solution

2010-08-21 Thread Tom Lane
We agreed that we ought to do $SUBJECT in 9.1. Right offhand the outlines of a cleaner solution look pretty obvious: * Create a datatype with the same internal representation as TEXT; make its input and recv routines throw errors, while the output routines just reuse textout/textsend. * Provide

Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution

2010-08-21 Thread Thom Brown
On 21 August 2010 20:30, Tom Lane t...@sss.pgh.pa.us wrote: * Change all system catalog columns holding expression trees to be declared as this type. *snip* We could go with something like pg_parse_tree, perhaps.  Or maybe that's overthinking it. How about pg_expr_tree? -- Thom Brown

Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution

2010-08-21 Thread Robert Haas
On Aug 21, 2010, at 3:30 PM, Tom Lane t...@sss.pgh.pa.us wrote: We agreed that we ought to do $SUBJECT in 9.1. One argument against this is that it might cause the current fix to get less testing. ...Robert

Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution

2010-08-21 Thread Tom Lane
Robert Haas robertmh...@gmail.com writes: On Aug 21, 2010, at 3:30 PM, Tom Lane t...@sss.pgh.pa.us wrote: We agreed that we ought to do $SUBJECT in 9.1. One argument against this is that it might cause the current fix to get less testing. Less testing than what?

Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution

2010-08-21 Thread Robert Haas
On Aug 21, 2010, at 4:23 PM, Tom Lane t...@sss.pgh.pa.us wrote: Robert Haas robertmh...@gmail.com writes: On Aug 21, 2010, at 3:30 PM, Tom Lane t...@sss.pgh.pa.us wrote: We agreed that we ought to do $SUBJECT in 9.1. One argument against this is that it might cause the current fix to get