Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution
Peter Eisentraut writes: > On lör, 2010-08-21 at 15:30 -0400, Tom Lane wrote: >> The only thing that seems like it might need discussion is the name >> to give the datatype. My first instinct was pg_expr or pg_expression, >> but there are some cases where this doesn't exactly fit. In >> particular, >> pg_rewrite.ev_action contains a whole Query, in fact a list of them. > Perhaps pg_node then. pg_node sounds like there's just one. Maybe pg_node_tree? regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution
On lör, 2010-08-21 at 15:30 -0400, Tom Lane wrote: > The only thing that seems like it might need discussion is the name > to give the datatype. My first instinct was pg_expr or pg_expression, > but there are some cases where this doesn't exactly fit. In > particular, > pg_rewrite.ev_action contains a whole Query, in fact a list of them. Perhaps pg_node then. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution
On Aug 21, 2010, at 4:23 PM, Tom Lane wrote: > Robert Haas writes: >> On Aug 21, 2010, at 3:30 PM, Tom Lane wrote: >>> We agreed that we ought to do $SUBJECT in 9.1. > >> One argument against this is that it might cause the current fix to get less >> testing. > > Less testing than what? Is this a smart remark? Less testing than it otherwise would, obviously. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution
Robert Haas writes: > On Aug 21, 2010, at 3:30 PM, Tom Lane wrote: >> We agreed that we ought to do $SUBJECT in 9.1. > One argument against this is that it might cause the current fix to get less > testing. Less testing than what? regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution
On Aug 21, 2010, at 3:30 PM, Tom Lane wrote: > We agreed that we ought to do $SUBJECT in 9.1. One argument against this is that it might cause the current fix to get less testing. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] Replacing the pg_get_expr security hack with a datatype solution
On 21 August 2010 20:30, Tom Lane wrote: > * Change all system catalog columns holding expression trees to be > declared as this type. *snip* > We could go with something like pg_parse_tree, perhaps. Or maybe > that's overthinking it. How about pg_expr_tree? -- Thom Brown Registered Linux user: #516935 -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers