| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Rod Taylor" <rbt(at)zort(dot)ca> |
| Cc: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Operator Comments |
| Date: | 2002-05-12 23:25:38 |
| Message-ID: | 18532.1021245938@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Rod Taylor" <rbt(at)zort(dot)ca> writes:
> Looks like CommentOperator goes to quite a bit of work (5 lines) to
> accomplish fetching the procedure and states specifically it's not a
> bug.
Yeah, someone once thought it was a good idea, but I was wondering about
the wisdom of it just the other day. Currently this "feature" presents
a hole in the security of comments on functions: anyone can make an
operator referencing a function, and then they'll be allowed to set the
function's comment :-(.
I can see the value in having the function comment shown when there is
no comment specifically for the operator ... but perhaps that ought to
be implemented in the client requesters, rather than wired into the
catalog representation.
> In which case RemoveOperator needs to drop comments by the
> procID as well.
No, because the comment really belongs to the function and should go
away only when the function does. But I'd vote for giving operators
their own comments.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Inoue | 2002-05-13 00:53:13 | Re: Nested transactions RFC |
| Previous Message | Rod Taylor | 2002-05-12 22:50:09 | Re: Operator Comments |