| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Postgresql Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | reuse sysids security hole? |
| Date: | 2003-08-12 14:37:19 |
| Message-ID: | 3F38FB9F.5000304@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
(Thought triggered by something Tom said the other day)
Is this a security hole? Looks like one to me. Would it be better to use
a sequence generator for sysids instead of using max+1 on the user
table? Or else store the last sysid used somewhere?
andrew
facetest=# create user blurfl;
CREATE USER
facetest=# create table blurfltable (a text, b text);
CREATE TABLE
facetest=# alter table blurfltable owner to blurfl;
ALTER TABLE
facetest=# drop user blurfl;
DROP USER
facetest=# create user floobl;
CREATE USER
facetest=# \dt blurfltable
List of relations
Schema | Name | Type | Owner
--------+-------------+-------+--------
public | blurfltable | table | floobl
(1 row)
facetest=#
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gavin Sherry | 2003-08-12 14:42:56 | Re: reuse sysids security hole? |
| Previous Message | Jan Wieck | 2003-08-12 14:35:19 | Re: Farewell |