Re: Restricting Postgres

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Matt Clark <matt(at)ymogen(dot)net>
Cc: Pierre-Frédéric Caillaud <lists(at)boutiquenumerique(dot)com>, pgsql-performance(at)postgresql(dot)org
Subject: Re: Restricting Postgres
Date: 2004-11-05 05:16:46
Message-ID: 20041105051646.GA22486@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-performance

On Thu, Nov 04, 2004 at 23:32:57 +0000,
Matt Clark <matt(at)ymogen(dot)net> wrote:
> >
> > I think in the future there will be a good bit of presentation
> >login in the client...
>
> Not if Bruno has his way ;-)

Sure there will, but it will be controlled by the client, perhaps taking
suggestions from the style sheet pointed to by the document.

Running foreign code from random or even semi-random places is a recipe
for becoming a spam server. See examples from Microsoft such as their
spreadsheet and office software. Documents really need to be passive
data, not active code.

If the client and the server have a special trust relationship, then
running code supplied by the server makes sense. So you might use javascript
within a business where the IT department runs the server and the employees
run clients. However, encouraging people to browse the internet with
javascript enabled is a bad idea.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Mike Cox 2004-11-05 05:26:39 Re: RFD
Previous Message Gary L. Burnore 2004-11-05 05:03:34 Re: I need someone to take over the RFD process.

Browse pgsql-performance by date

  From Date Subject
Next Message Antony Paul 2004-11-05 07:16:20 Checking = with timestamp field is slow
Previous Message Neil Conway 2004-11-05 04:35:08 Re: Anything to be gained from a 'Postgres Filesystem'?