| From: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> |
|---|---|
| To: | Peter Geoghegan <pg(at)heroku(dot)com> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: A worst case for qsort |
| Date: | 2014-08-06 06:49:18 |
| Message-ID: | alpine.DEB.2.10.1408060838090.24380@sto |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> For example, if we had reason to be concerned about *adversarial*
> inputs, I think that there is a good chance that our qsort() actually
> would be problematic to the point of driving us to prefer some generally
> slower alternative.
That is an interesting point.
Indeed, a database in general often stores user-supplied data, which may
happen to be sorted for presentation purpose in an interface. Same thing
occured with hashtable algorithms and was/is a way to do DOS attacks on
web applications. I'm not sure whether the qsort version discussed here
would apply on user-supplied data, though. If so, adding some randomness
in the decision process would suffice to counter the adversarial input
argument you raised.
--
Fabien.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2014-08-06 06:57:07 | Re: A worst case for qsort |
| Previous Message | Fujii Masao | 2014-08-06 06:36:20 | Re: missing PG_RETURN_UINT16 |