pgsql: Add: > * Prevent malicious functions from being executed with

From: momjian(at)postgresql(dot)org (Bruce Momjian)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Add: > * Prevent malicious functions from being executed with
Date: 2008-03-06 17:19:38
Message-ID: 20080306171938.5D27A753F32@cvs.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Log Message:
-----------
Add:

> * Prevent malicious functions from being executed with the permissions
> of unsuspecting users
>
> Index functions are safe, so VACUUM and ANALYZE are safe too.
> Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
> http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php

Modified Files:
--------------
pgsql/doc:
TODO (r1.2261 -> r1.2262)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/TODO?r1=1.2261&r2=1.2262)
pgsql/doc/src/FAQ:
TODO.html (r1.770 -> r1.771)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/FAQ/TODO.html?r1=1.770&r2=1.771)

Browse pgsql-committers by date

  From Date Subject
Next Message Bruce Momjian 2008-03-06 17:28:22 pgsql: Add: > > o Prevent escape string warnings when object names
Previous Message Bruce Momjian 2008-03-06 16:31:42 pgsql: Improve "bgwriter_lru_multiplier" GUC description.