[HACKERS] Disallowing multiple queries per PQexec()

2017-02-27 Thread Surafel Temesgen
This assignment is on the todo list and has the benefit of providing an additional defense against SQL-injection attacks. Previous mailing list discussion is here and I attach a small patch that fixes the issue by checking whether query

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-03-02 Thread Surafel Temesgen
As far as I understand, the issue at that time was the inability to process creation of a database and connecting to it with one query string, and that can be solved by fixing transaction restriction checks for CREATE DATABASE or disallowing multiple queries in PQexec. If the issue solved and all

Re: [HACKERS] New CORRESPONDING clause design

2017-03-09 Thread Surafel Temesgen
Hi, Here is a patch corrected as your feedback except missed tests case because corresponding by clause is implemented on the top of set operation and you can’t do that to set operation without corresponding by clause too. E.g. postgres=# SELECT 1 a, 2 b, 3 c UNION SELECT 4 a, 5 b, 6 c, 8 d; E

Re: [HACKERS] New CORRESPONDING clause design

2017-03-10 Thread Surafel Temesgen
Surafel On Thu, Mar 9, 2017 at 9:49 PM, Pavel Stehule wrote: > hi > > 2017-03-09 17:19 GMT+01:00 Pavel Stehule : > >> >> >> 2017-03-09 13:18 GMT+01:00 Surafel Temesgen : >> >>> Hi , >>> >>> Here is a patch corrected as your feedback

Re: [HACKERS] New CORRESPONDING clause design

2017-03-13 Thread Surafel Temesgen
On Sat, Mar 11, 2017 at 9:01 AM, Pavel Stehule wrote: > I am sending minor update - cleaning formatting and white spaces, error > messages + few more tests > Thank you very much for your help > Maybe correspondingClause needs own node type with attached location. Then > context can be much be

Re: [HACKERS] New CORRESPONDING clause design

2017-03-14 Thread Surafel Temesgen
hi Some errors are related to just CORRESPONDING without any columns. So using > expr doesn't help here. So parse node CORRESPONDING can solve both issues. > > In current implementation pointing to a node means pointing to a node’s first element so I don’t think we can be able to point to CORRESP

Re: [HACKERS] Adding the optional clause 'AS' in CREATE TRIGGER

2017-03-17 Thread Surafel Temesgen
> > > I am sending the review of this patch. I found the following:
- Use tage in documentation
- Don’t modify existing test case, add new one instead
- Comment in pg_constraint.c is extended, make it short
- Error message can be more guider if it tells about general rule
- Wrong result i

Re: [HACKERS] New CORRESPONDING clause design

2017-03-22 Thread Surafel Temesgen
On Sat, Mar 18, 2017 at 7:50 PM, Tom Lane wrote: > Pavel Stehule writes: > > I have not any objection - I'll mark this patch as ready for committer > > > I'm a little disturbed by the fact that determineMatchingColumns() > is called twice, and more disturbed by the fact that it looks to be > O(N^

Re: [HACKERS] New CORRESPONDING clause design

2017-03-25 Thread Surafel Temesgen
> > > I took a quick look through this and noted that it fails to touch > ruleutils.c, which means that dumping of views containing CORRESPONDING > certainly doesn't work. > fixed > Also, the changes in parser/analyze.c seem rather massive and > correspondingly hard to review. Is it possible to r

Re: [HACKERS] New CORRESPONDING clause design

2017-03-28 Thread Surafel Temesgen
Can you help with fixing it, Pavel? On Mon, Mar 27, 2017 at 11:48 AM, Pavel Stehule wrote: > Hi > > fresh update - I enhanced Value node by location field as Tom proposal. > > Few more regress tests. > > But I found significant issue, that needs bigger fix - Surafel, please, > can you fix it. > >

Re: [HACKERS] New CORRESPONDING clause design

2017-03-30 Thread Surafel Temesgen
Hi, Thank you very much for your help. Here is the patch to fix that issue as you suggest. Regards Surafel On Tue, Mar 28, 2017 at 5:44 PM, Pavel Stehule wrote: > > > 2017-03-28 14:18 GMT+02:00 Pavel Stehule : > >> >> >> 2017-03-28 13:58 GMT+02:00 Surafel Temes

[HACKERS] DELETE and UPDATE with LIMIT and ORDER BY

2017-04-24 Thread Surafel Temesgen
The necessity of allowing limit and order by clause to be used with delete and update statement was discussed in the past and added to the todo list. Previous mailing list discussions: http://archives.postgresql.org/pgadmin-hackers/2010-04/msg00078.php http://archives.postgresql.org/pgsql-hackers

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-05-17 Thread Surafel Temesgen
Sorry for being very late. I also think guc version of the patch can be acceptable and useful. I modified the patch as such and added to commitfest 2017-07. Regards Surafel On Sat, Mar 4, 2017 at 10:24 AM, Robert Haas wrote: > On Tue, Feb 28, 2017 at 7:34 PM, Tom Lane wrote: > >

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-05-18 Thread Surafel Temesgen
hey Vaishnavi > > I think GUC's name can be something like "multiple_query_execution" and > setting it ON/OFF will be better. I think others will also come up with > some suggestions here as the current name doesn't go well with other > existing GUCs. > Thank you very much for the suggestion multi

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-14 Thread Surafel Temesgen
On Mon, Jun 12, 2017 at 5:22 PM, Daniel Verite wrote: > > > PGC_POSTMASTER implies that it's an instance-wide setting. > Is it intentional? I can understand that it's more secure for this not to > be changeable in an existing session, but it's also much less usable if you > can't set it per-databa

Re: [HACKERS] Support to COMMENT ON DATABASE CURRENT_DATABASE

2017-06-16 Thread Surafel Temesgen
On Mon, Jun 5, 2017 at 4:09 AM, Jing Wang wrote: > Hi all, > > The attached patch is to support the feature "COMMENT ON DATABASE > CURRENT_DATABASE". The solution is based on the previous discussion in [2] . > Your patch doesn't cover security labels on databases which have similar issue and con

Re: [HACKERS] Support to COMMENT ON DATABASE CURRENT_DATABASE

2017-09-05 Thread Surafel Temesgen
I can't apply your patch cleanly; I think it needs a rebase. Regards Surafel On Thu, Aug 31, 2017 at 1:38 PM, Jing Wang wrote: > Hi All, > > Enclosed please find the patch only for the pg_dump using the 'comment on > current_database' statement. > > This patch should be working with the previous

Re: [HACKERS] Support to COMMENT ON DATABASE CURRENT_DATABASE

2017-09-08 Thread Surafel Temesgen
On Fri, Aug 25, 2017 at 11:16 AM, Jing Wang wrote: > Hi all, > > Enclosed please find the updated patch with covering security labels on > database. > > The patch cover the following commands: > I can't apply your patch cleanly; I think it needs a rebase. Regards Surafel