;ALL:!ADH:!LOW:!EXP:!MD5:@STRENGH")
> != 1)
> + if (SSL_CTX_set_cipher_list(SSL_context, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH")
> != 1)
> {
> postmaster_error("unable to set the cipher list (no valid ciphers
> available)");
>
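Review bot: in the cipher string passed to `SSL_CTX_set_cipher_list()`, `!ADH` excludes only the anonymous Diffie-Hellman suites. OpenSSL's `!aNULL` keyword excludes every suite that offers no authentication and would be the safer exclusion here, since this line is already being touched to fix the `@STRENGTH` spelling.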
[15386] FATAL: No pg_hba.conf entry for host ^L, user pgsql,
database template1
^^
--
Sean Chittenden
Index: src/bin/pg_ctl/pg_ctl.sh
===
RCS file: /home/ncvs/pgsql/pgsql-ser
t; SET transaction_read_only TO FALSE;
ERROR: Insufficient privileges to SET transaction_read_only TO FALSE
It's also possible to set transaction_force_read_only in
postgresql.conf making it possible to create read only databases to
non-superusers by starting postgresql with
default_trans
this is a huge 2nd safety belt that's easy
to apply, even though you're right, people _should_ rely on
GRANT/REVOKE though GRANT/REVOKE doesn't work in some situations
as mentioned above.
-sc
[1] Pl/PgSQL code + surrounding white space (* >300):
PERFORM TRUE FROM [te
7.4 PR, but it's proving to be quite useful here
in my tree... though I like the name "jail_read_only_transactions"
more... patch updated for new name.
-sc
--
Sean Chittenden
---(end of broadcast)---
TIP 2: you can get off all lists at once
ditty that I originally wrote
> for the sake of the 7.4 PR, but it's proving to be quite useful here
> in my tree... though I like the name "jail_read_only_transactions"
> more... patch updated for new name.
Err.. and attached. -sc
--
Sean Chittenden
Index: src/in
ing user features via a
GUC/MIB system. I'd take the MIB system any day of the week and twice
on Friday given the resulting reduction of bloat to gram.y.
-sc
--
Sean Chittenden
clude'ing a header and mucking with things. Would
moving things into their own files and declaring them static be a
sufficient compromise? I'll declare the accessor functions inline
too, that way there should be zero loss of performance given
XactReadOnly is frequently used. -sc
--
Sean
st corrected so that the pgsql module doesn't depend on
earthdistance?
-sc
--
Sean Chittenden
Index: modules
===
RCS file: /home/ncvs/pgsql/CVSROOT/modules,v
retrieving revision 1.37
diff -u -r1.37 modules
--- modules 22 Aug
ciently long, but not overly long period of
time]
cvs up's, cvs co's with old scripts, and new cvs exports/co's will
work as expected.
-sc
PS After 7.4, could someone go through the motions to change $Id$ to
$PostgreSQL$?
--
Sean Chittenden
ne should just select from the information schemas.
*shrug* I tabled working on the patch until there was some kind of
agreement from someone with commit privs and am waiting to pick up
quashing the remaining parser state bug until after 7.4's out the door
or there's renewed interest from non
his some, I think
the GUC system is pretty well suited for this and that Tom's objection
(correct me if I'm wrong here) is that GUC has a non-hierarchical
naming structure/convention. With a hierarchical structure, lumping
of GUC variables becomes more reasonable and the naming is more
s
ould
do this with a tunable definition of "read only?" And if you agree
with the above statement, do you have any thoughts on improving GUC so
that it could potentially be more secure or secure enough? Anything
that is written in C clobbers any attempt at being secure. What in
s
ch/thread:
http://archives.postgresql.org/pgsql-general/2003-10/msg00613.php
-sc
--
Sean Chittenden
(ie, a valid usecase for an
admin or programmer who would need to see any or all of the pg_temp_*
schemas without using that data to extract more bits from the
pg_catalogs. If they know how to go through the catalogs, why do they
need \dn to display the temp schemas?).
As always, --Sean
--
> I completely agree. It's like saying that \l should only show
> databases you are currently connected to...
For the record and if Tom was referring to me, the example I gave was
to have \dn show all schemas that you have any permissions for, not
that were in the search path.
" AND (SELECT
pg_catalog.count(*)"
@@ -1562,7 +1564,7 @@
appendPQExpBuffer(&query_buffer, "\nUNION\n"
"SELECT
pg_catalog.quote_ident(n.nspname) || '.' || %s "
dynamics Of Hell Fire" - Tom Williamson (grade 12)
And here's a great pic from a paper on the 2nd law of thermo
(http://objective.jesussave.us/slot.html):
http://objective.jesussave.us/geneticentropy.gif
Again, sorry for the noise. -sc
On May 07, 2004, at 3:04, Jim Carlson wro
plate1=# \q
% psql -h 127.0.0.1 template1
template1=# SELECT inet_client_addr() IS NULL;
?column?
--
f
(1 row)
template1=# SELECT inet_client_addr();
inet_client_addr
--
127.0.0.1
(1 row)
template1=# \q
% psql -h localhost template1
template1=# SELECT inet_client_addr();
inet_
ut temp table
-* availability during the session.
*/
- if (pg_database_aclcheck(MyDatabaseId, GetSessionUserId(),
+ if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
ACL_CREATE_TEMP) !=
ACLCHECK_OK)
ereport(ERROR,
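Review bot: the rationale in the deleted comment still needs an answer at the `pg_database_aclcheck()` call. The old text says the check uses the session user because temp table availability is not reconsidered during the session; with `GetUserId()` the result depends on whichever role is active when the check runs, for example inside a function executing as another user. The replacement comment should say that this is intended and why.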
a TEMP table be used as a trusted cache for data.
-sc
--
Sean Chittenden
aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
+ ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
n.
+* ACL_CREATE_TEMP perms are also checked in
+* pg_namespace_aclcheck() that way only users who have TEMP
+* perms can create objects.
*/
- if (pg_database_aclcheck(MyDatabaseId, GetSessionUserId(),
+ if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
e/utils/geo_decls.h 29 Nov 2003 22:41:15 - 1.43
+++ src/include/utils/geo_decls.h 17 May 2004 21:33:17 -
@@ -305,6 +305,7 @@
extern Datum box_div(PG_FUNCTION_ARGS);
/* public path routines */
+extern Datum path_area(PG_FUNCTION_ARGS);
extern Datum path_in(PG_FUNCTION_ARGS);
(log_hostname ? 0 : NI_NUMERICHOST) |
NI_NUMERICSERV))
{
- getnameinfo_all(&port->raddr.addr, port->raddr.salen,
+ int ret = getnameinfo_all(&port->raddr.addr, port->raddr.salen,
nstandard error message here since
* "databasename: permission denied" might be a tad cryptic.
*
-* Note we apply the check to the session user, not the currently active
- * userid, since we are not going to change our minds about temp table
-* availability during the
12:30:20 2004
+++ src/interfaces/libpq/.cvsignore Wed May 26 12:47:32 2004
@@ -0,0 +1 @@
+libpq.so.3.2
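Review bot: the `libpq.so.3.2` entry in `src/interfaces/libpq/.cvsignore` hard-codes the library version and will stop matching at the next version bump. `.cvsignore` accepts shell-style patterns, so `libpq.so.*` would keep working.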
--- /dev/null Wed May 26 13:09:20 2004
+++ src/port/.cvsignore Wed May 26 13:10:07 2004
@@ -0,0 +1 @@
+pg_config_paths.h
--- /dev/null Wed May 26 13:10:46 2004
+++ src/timezone/.cvsigno
| (0,0)
| (-10,0)| [(0,0),(6,6)] | (0,0)
| (-3,4) | [(0,0),(6,6)] | (0.5,0.5)
| (5.1,34.5) | [(0,0),(6,6)] | (6,6)
======
--
Sean
used (ex: root creates a .pgpass file but forgets to chown it).
-sc
--
Sean Chittenden
Index: fe-connect.c
===
RCS file: /home/ncvs/pgsql/pgsql-server/src/interfaces/libpq/fe-connect.c,v
retrieving revision 1.248
diff -u -r1.248 fe-c
> > Howdy. Quick chump patch: if libpq finds a ~/.pgpass but can't stat
> > it, print something to stderr letting the user know.
>
> Isn't this gonna complain when the file doesn't exist at all?
*blush* Not with the attached patch. -sc
--
Se
has insecure permissions, so there's
> precedent.
This wouldn't be a bad idea, though frustrating for those that are
caught off guard by it... worth a mention in the release notes for
sure and can likely only be done at a major release point (7.4).
-sc
--
Sean Chittenden
he DBA is there a flag/env
var that can be set so that libpq drops its I know better than you
attitude in the event of a complex setup? A real world example from
an Oracle shop I used to work at: ~/.pgpass is owned by the user,
group owned by the dba group, and password rotation is managed by the
dba group.
-sc
--
Sean Chittenden
> directory then whether libpq works is the least of his troubles.)
*shrug* Whatever floats whoever's boat, I'm easy, just playing devil's
advocate. Now that I think about it though, there's no graceful way
to get PasswordFromFile() to tell the application to abort and nor
should
ontext
(using vfprintf() is much easier than sprintf()'ing a message into a
buffer and passing the buffer to the handler - 1 LOC vs at the minimum
5). In the release notes, ask people to use -Wformat if they're
trying to lint for old code. The risk seems low to me. *shrug*
-sc
--
Sean Chi
the new protocol, there shouldn't be
any extra mangling of app source code unless their strings contain
"%[\w]{1,2}", which is a relatively uncommon pattern to run across.
Like I said though, no biggie, just something that's a nice to have
for loggin
, which helped reduce some clutter. If someone'd
like, I can clean this up so it's not doing a #include of a .c file,
which seemed a bit hokey, but with least resistance as the goal, this
patch should stand alone and as it is: all regression tests pass. -sc
--
Sean Chittenden
Ind
n then free()'s the result.
All regression tests pass with this case and no ABI or source
incompatibilities are introduced.
-sc
--
Sean Chittenden
Index: fe-connect.c
===
RCS file: /home/ncvs/pgsql/pgsql-server/src/inter
stantial in a web environment, and bad for
PostgreSQL's image, esp with the talk of MySQL alienating its users
and Pg trying to pick up steam in the PHP community.
-sc
PS I really will lay off the topic, just trying to make a good case
for a usable and secure library. :)
--
Sean Chittenden
n
> intermediate state --- it's exactly where we want it to be.
cpp is my friend. I get how this was working now: didn't notice the
2nd #include "like_match.c" earlier and thought all definitions of
MatchText and MBMatchText were the same. Tricky with the macro
It can
be the default with PostgreSQL's CLI utilities that make use of libpq
(would need to add a paranoid flag to the connection), but it
shouldn't be the default.
-sc
--
Sean Chittenden
ITESPACE "\f\n\r\t\v\0" /* as defined by isspace() */
/* postmaster version ident string */
#define PM_VERSIONSTR "postmaster (PostgreSQL) " PG_VERSION "\n"
--
Sean Chittenden
nsidered false. My $0.02. -sc
--
Sean Chittenden
quot;convert boolean to int4");
+
/*
* Symbolic values for provolatile column: these indicate whether the result
--
Sean Chittenden
via libpq(3).
CopyErrorData() looks promising, but I'm running out of time to find a
better way to do this. Were you hinting at extending libpq(3) to
having the backend send the errcode to the frontend? -sc
--
Sean Chittenden
't me. Could we (ie Bruce) add getting the raw
errcode as an 8.1 TODO item? In the mean time, are you going to commit
the pg_ctl patch? -sc
--
Sean Chittenden
alog change in a future
beta (... and even then, I'm not sure if I'd call it a bug fix).
System catalog bumps have been coming through with some degree of
regularity so I wasn't worried about providing the patch to bump the
catalog date. -sc
--
Sean Chittenden
ve text should
remind the committer to bump the catversion upon application. Just
to make sure he doesn't forget ;-)
Fair enough... though with this discussion it would seem like a rather
unnecessary cudgel to the head. Next time I'll bump it when adding a
built-in function, however.
default:
- break;
+ case '\0':
+ PG_RETURN_BOOL(false);
}
- ereport(ERROR,
- (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
-errmsg("invalid input syntax for type
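Review bot: with the `break` removed, `default:` now falls through into the new `case '\0':` and returns false, and the `ereport(ERROR, ...)` for `ERRCODE_INVALID_TEXT_REPRESENTATION` is deleted, so every unrecognized input string is silently accepted as false. If only the empty string is meant to map to false, keep `default: break;` and the error report, and put `case '\0':` ahead of `default:`.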
process_psqlrc(argv[0]);
if (!pset.notty)
initializeInput(options.no_readline ? 0 : 1);
if (options.action_string) /* -f - was used */
--
Sean Chittenden
)/src/backend -lpostgres
+BE_DLLLIBS= -L$(DESTDIR)$(bindir) -lpostgres
DLLINIT = $(top_builddir)/src/utils/dllinit.o
AROPT = crs
--
Sean Chittenden
ilding. As
things stand, pgxs is fantastically broken on darwin. :( -sc
--
Sean Chittenden
:09 -
@@ -5,7 +5,11 @@
DLLTOOL= dlltool
DLLWRAP= dllwrap
+ifdef PGXS
+BE_DLLLIBS= -L$(DESTDIR)$(bindir) -lpostgres
+else
BE_DLLLIBS= -L$(top_builddir)/src/backend -lpostgres
+endif
DLLINIT = $(top_builddir)/src/utils/dllinit.o
AROPT = crs
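Review bot: the `ifdef PGXS` branch sets `BE_DLLLIBS= -L$(DESTDIR)$(bindir) -lpostgres` with no comment explaining why the path differs from the in-tree one. `DESTDIR` is conventionally set only for staged installs, so when it is set while building an extension the link path points into the staging directory rather than the installed `$(bindir)`. Consider `-L$(bindir)` in that branch, plus a one-line comment.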
--
Sean Chittenden