database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-03 09:13:20 +03:00
Code Activity

Add:

Browse Source 
> * Prevent malicious functions from being executed with the permissions
>   of unsuspecting users
>
>   Index functions are safe, so VACUUM and ANALYZE are safe too.
>   Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
>   http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
This commit is contained in:
Bruce Momjian
2008-03-06 17:19:38 +00:00
parent 7ec66eab88
commit 0083856e01
2 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
doc/src/FAQ/TODO.html
View File

@@ -8,7 +8,7 @@
<body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF">
<h1><a name="section_1">PostgreSQL TODO List</a></h1>
<p>Current maintainer: Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/>
Last updated: Wed Mar 5 22:22:28 EST 2008
Last updated: Thu Mar 6 12:19:28 EST 2008
</p>
<p>The most recent version of this document can be viewed at<br/>
<a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>.
@@ -330,6 +330,12 @@ first. There is also a developer's wiki at<br/>
</p>
</li><li>Implement Boyer-Moore searching in strpos()
<p> <a href="http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php">http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php</a>
</p>
</li><li>Prevent malicious functions from being executed with the permissions
of unsuspecting users
<p> Index functions are safe, so VACUUM and ANALYZE are safe too.
Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
<a href="http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php">http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php</a>
</p>
</li></ul>
<h1><a name="section_5">Multi-Language Support</a></h1>
@@ -367,8 +373,7 @@ first. There is also a developer's wiki at<br/>
</li><li>Set client encoding based on the client operating system encoding
<p> Currently client_encoding is set in postgresql.conf, which
defaults to the server encoding.
</p>
<p> <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
<a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
</p>
</li></ul>
<h1><a name="section_6">Views / Rules</a></h1>