| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Joe Conway <joe(at)conway-family(dot)com>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |
| Date: | 2001-06-08 16:09:50 |
| Message-ID: | Pine.LNX.4.30.0106081806240.757-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Tom Lane writes:
> Weren't you just arguing that such cases could/should use the OID, not
> the name at all?
Yes, but if we're going to have name arguments, we should have sane ones.
> ISTM the name-based variants will primarily be used for user-entered
> names, and in that case the user can reasonably expect that a name
> will be interpreted the same way as if he'd written it out in a query.
That would be correct if the user were actually entering the name in the
same way, i.e., unquoted or double-quoted.
> The nextval approach is ugly, I'll grant you, but it's also functional.
But it's incompatible with the SQL conventions.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Lockhart | 2001-06-08 16:27:37 | Re: AW: Re: [SQL] behavior of ' = NULL' vs. MySQL vs. Stand ards |
| Previous Message | Josh Berkus | 2001-06-08 15:33:07 | Re: behavior of ' = NULL' vs. MySQL vs. Standards |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-06-08 22:38:00 | Re: take 2: show all / reset all |
| Previous Message | Tom Lane | 2001-06-08 04:06:05 | Re: Re: [PATCHES] Fw: Isn't pg_statistic a security hole - Solution Proposal |