database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-26 01:22:12 +03:00
Code Activity

Add:

Browse Source 
> * Prevent malicious functions from being executed with the permissions
>   of unsuspecting users
>
>   Index functions are safe, so VACUUM and ANALYZE are safe too.
>   Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
>   http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
This commit is contained in:
Bruce Momjian
2008-03-06 17:19:38 +00:00
parent 7ec66eab88
commit 0083856e01
2 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
doc/TODO
View File

@ -1,7 +1,7 @@
PostgreSQL TODO List PostgreSQL TODO List
==================== ====================
Current maintainer: Bruce Momjian (bruce@momjian.us) Current maintainer: Bruce Momjian (bruce@momjian.us)
Last updated: Wed Mar 5 22:22:28 EST 2008 Last updated: Thu Mar 6 12:19:28 EST 2008
The most recent version of this document can be viewed at The most recent version of this document can be viewed at
http://www.postgresql.org/docs/faqs.TODO.html. http://www.postgresql.org/docs/faqs.TODO.html.
@ -151,8 +151,6 @@ Administration
http://archives.postgresql.org/pgsql-hackers/2006-12/msg00497.php http://archives.postgresql.org/pgsql-hackers/2006-12/msg00497.php
Data Types Data Types
========== ==========
@ -307,7 +305,6 @@ Data Types
* Allow MONEY to be easily cast to/from other numeric data types * Allow MONEY to be easily cast to/from other numeric data types
Functions Functions
========= =========
@ -370,6 +367,12 @@ Functions
http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php
* Prevent malicious functions from being executed with the permissions
of unsuspecting users
Index functions are safe, so VACUUM and ANALYZE are safe too.
Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
Multi-Language Support Multi-Language Support
@ -412,7 +415,6 @@ Multi-Language Support
Currently client_encoding is set in postgresql.conf, which Currently client_encoding is set in postgresql.conf, which
defaults to the server encoding. defaults to the server encoding.
http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php
@ -740,6 +742,7 @@ Referential Integrity
http://archives.postgresql.org/pgsql-hackers/2006-09/msg01458.php http://archives.postgresql.org/pgsql-hackers/2006-09/msg01458.php
Server-Side Languages Server-Side Languages
===================== =====================
@ -788,6 +791,7 @@ Server-Side Languages
http://archives.postgresql.org/pgsql-hackers/2007-05/msg00289.php http://archives.postgresql.org/pgsql-hackers/2007-05/msg00289.php
Clients Clients
======= =======
@ -929,6 +933,8 @@ Clients
http://archives.postgresql.org/pgsql-hackers/2007-03/msg01803.php http://archives.postgresql.org/pgsql-hackers/2007-03/msg01803.php
Triggers Triggers
======== ========
@ -1072,6 +1078,7 @@ Fsync
* Add program to test if fsync has a delay compared to non-fsync * Add program to test if fsync has a delay compared to non-fsync
Cache Usage Cache Usage
=========== ===========
@ -1131,7 +1138,6 @@ Cache Usage
Vacuum Vacuum
====== ======
@ -1188,6 +1194,7 @@ Vacuum
http://archives.postgresql.org/pgsql-general/2007-06/msg01645.php http://archives.postgresql.org/pgsql-general/2007-06/msg01645.php
Locking Locking
======= =======
@ -1220,6 +1227,7 @@ Locking
Startup Time Improvements Startup Time Improvements
========================= =========================
@ -1232,6 +1240,7 @@ Startup Time Improvements
a single session using multiple threads to execute a statement faster. a single session using multiple threads to execute a statement faster.
Write-Ahead Log Write-Ahead Log
=============== ===============
@ -1388,6 +1397,7 @@ Miscellaneous Performance
concurrent reads from multiple devices in a partitioned table. concurrent reads from multiple devices in a partitioned table.
Source Code Source Code
=========== ===========

11
doc/src/FAQ/TODO.html
View File

@ -8,7 +8,7 @@
<body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF"> <body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF">
<h1><a name="section_1">PostgreSQL TODO List</a></h1> <h1><a name="section_1">PostgreSQL TODO List</a></h1>
<p>Current maintainer: Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/> <p>Current maintainer: Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/>
Last updated: Wed Mar 5 22:22:28 EST 2008 Last updated: Thu Mar 6 12:19:28 EST 2008
</p> </p>
<p>The most recent version of this document can be viewed at<br/> <p>The most recent version of this document can be viewed at<br/>
<a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>. <a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>.
@ -330,6 +330,12 @@ first. There is also a developer's wiki at<br/>
</p> </p>
</li><li>Implement Boyer-Moore searching in strpos() </li><li>Implement Boyer-Moore searching in strpos()
<p> <a href="http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php">http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php</a> <p> <a href="http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php">http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php</a>
</p>
</li><li>Prevent malicious functions from being executed with the permissions
of unsuspecting users
<p> Index functions are safe, so VACUUM and ANALYZE are safe too.
Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
<a href="http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php">http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php</a>
</p> </p>
</li></ul> </li></ul>
<h1><a name="section_5">Multi-Language Support</a></h1> <h1><a name="section_5">Multi-Language Support</a></h1>
@ -367,8 +373,7 @@ first. There is also a developer's wiki at<br/>
</li><li>Set client encoding based on the client operating system encoding </li><li>Set client encoding based on the client operating system encoding
<p> Currently client_encoding is set in postgresql.conf, which <p> Currently client_encoding is set in postgresql.conf, which
defaults to the server encoding. defaults to the server encoding.
</p> <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
<p> <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
</p> </p>
</li></ul> </li></ul>
<h1><a name="section_6">Views / Rules</a></h1> <h1><a name="section_6">Views / Rules</a></h1>