| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Oleg Bartunov <oleg(at)sai(dot)msu(dot)su>, Teodor Sigaev <teodor(at)sigaev(dot)ru> |
| Subject: | Re: tsvector_update_trigger() is utterly insecure |
| Date: | 2007-08-17 01:45:29 |
| Message-ID: | 200708170145.l7H1jTr15147@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> We can't put tsvector_update_trigger() into core in anything like its
> current form. As is, it will take an unqualified function name, look
> it up, and call it. The prospects for subversion by search path
> manipulation are obvious, and even if you aren't concerned about
> malicious attacks, the effects of the trigger are context-dependent
> (and maybe time-varying; it doesn't insist on the function being
> immutable) in exactly the same way that we've been saying we can't
> accept for the tsearch configuration.
>
> I think we should redefine the trigger as taking trigger arguments that
> are first a config name, then a list of one or more field names, and
> nothing else.
>
> People who want extra processing done on their fields before forming the
> tsvector can write custom triggers to do it ...
Agreed. A stated in email I didn't like the filter API on style
grounds.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2007-08-17 02:17:24 | Re: GIT patch |
| Previous Message | Bruce Momjian | 2007-08-17 01:31:29 | Re: GIT patch |