| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, David Rowley <dgrowleyml(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: can we mark upper/lower/textlike functions leakproof? |
| Date: | 2024-08-01 14:05:44 |
| Message-ID: | 02f83435-c2c9-4ec5-846d-c2efd259cf43@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 8/1/24 07:57, Robert Haas wrote:
> On Wed, Jul 31, 2024 at 4:42 PM Joe Conway <mail(at)joeconway(dot)com> wrote:
>> You are assuming that everyone allows direct logins with the ability to
>> create procedures. Plenty don't.
>
> Well, if you can send queries, then you can do the same thing, driven
> by client-side logic.
Sure. Of course you should be monitoring your production servers for
anomalous workloads, no? "Gee, why is Joe running the same query
millions of times that keeps throwing errors? Maybe we should go see
what Joe is up to"
> If you can't directly send queries in any form, then I guess things
> are different.
Right, and there are plenty of those. I have even worked with at least
one rather large one on behalf of your employer some years ago.
> But I don't really understand what kind of system you have in mind.
Well I did say I was being hand wavy ;-)
It has been a long time since I thought deeply about this. I will try to
come back with something more concrete if no one beats me to it.
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-08-01 14:26:05 | Re: can we mark upper/lower/textlike functions leakproof? |
| Previous Message | Joe Conway | 2024-08-01 13:54:52 | Re: can we mark upper/lower/textlike functions leakproof? |