Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit0083856

Browse files
committed
Add:
> * Prevent malicious functions from being executed with the permissions> of unsuspecting users>> Index functions are safe, so VACUUM and ANALYZE are safe too.> Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.>http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
1 parent7ec66ea commit0083856

File tree

2 files changed

+24
-9
lines changed

2 files changed

+24
-9
lines changed

‎doc/TODO

Lines changed: 16 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
PostgreSQL TODO List
22
====================
33
Current maintainer:Bruce Momjian (bruce@momjian.us)
4-
Last updated:Wed Mar5 22:22:28 EST 2008
4+
Last updated:Thu Mar6 12:19:28 EST 2008
55

66
The most recent version of this document can be viewed at
77
http://www.postgresql.org/docs/faqs.TODO.html.
@@ -151,8 +151,6 @@ Administration
151151
http://archives.postgresql.org/pgsql-hackers/2006-12/msg00497.php
152152

153153

154-
155-
156154
Data Types
157155
==========
158156

@@ -307,7 +305,6 @@ Data Types
307305
* Allow MONEY to be easily cast to/from other numeric data types
308306

309307

310-
311308
Functions
312309
=========
313310

@@ -370,6 +367,12 @@ Functions
370367

371368
http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php
372369

370+
* Prevent malicious functions from being executed with the permissions
371+
of unsuspecting users
372+
373+
Index functions are safe, so VACUUM and ANALYZE are safe too.
374+
Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
375+
http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
373376

374377

375378
Multi-Language Support
@@ -412,7 +415,6 @@ Multi-Language Support
412415

413416
Currently client_encoding is set in postgresql.conf, which
414417
defaults to the server encoding.
415-
416418
http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php
417419

418420

@@ -740,6 +742,7 @@ Referential Integrity
740742
http://archives.postgresql.org/pgsql-hackers/2006-09/msg01458.php
741743

742744

745+
743746
Server-Side Languages
744747
=====================
745748

@@ -788,6 +791,7 @@ Server-Side Languages
788791
http://archives.postgresql.org/pgsql-hackers/2007-05/msg00289.php
789792

790793

794+
791795
Clients
792796
=======
793797

@@ -929,6 +933,8 @@ Clients
929933

930934
http://archives.postgresql.org/pgsql-hackers/2007-03/msg01803.php
931935

936+
937+
932938
Triggers
933939
========
934940

@@ -1072,6 +1078,7 @@ Fsync
10721078
* Add program to test if fsync has a delay compared to non-fsync
10731079

10741080

1081+
10751082
Cache Usage
10761083
===========
10771084

@@ -1131,7 +1138,6 @@ Cache Usage
11311138

11321139

11331140

1134-
11351141
Vacuum
11361142
======
11371143

@@ -1188,6 +1194,7 @@ Vacuum
11881194
http://archives.postgresql.org/pgsql-general/2007-06/msg01645.php
11891195

11901196

1197+
11911198
Locking
11921199
=======
11931200

@@ -1220,6 +1227,7 @@ Locking
12201227

12211228

12221229

1230+
12231231
Startup Time Improvements
12241232
=========================
12251233

@@ -1232,6 +1240,7 @@ Startup Time Improvements
12321240
a single session using multiple threads to execute a statement faster.
12331241

12341242

1243+
12351244
Write-Ahead Log
12361245
===============
12371246

@@ -1388,6 +1397,7 @@ Miscellaneous Performance
13881397
concurrent reads from multiple devices in a partitioned table.
13891398

13901399

1400+
13911401
Source Code
13921402
===========
13931403

‎doc/src/FAQ/TODO.html

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
<bodybgcolor="#FFFFFF"text="#000000"link="#FF0000"vlink="#A00000"alink="#0000FF">
99
<h1><aname="section_1">PostgreSQL TODO List</a></h1>
1010
<p>Current maintainer: Bruce Momjian (<ahref="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/>
11-
Last updated:Wed Mar5 22:22:28 EST 2008
11+
Last updated:Thu Mar6 12:19:28 EST 2008
1212
</p>
1313
<p>The most recent version of this document can be viewed at<br/>
1414
<ahref="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>.
@@ -330,6 +330,12 @@ <h1><a name="section_4">Functions</a></h1>
330330
</p>
331331
</li><li>Implement Boyer-Moore searching in strpos()
332332
<p><ahref="http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php">http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php</a>
333+
</p>
334+
</li><li>Prevent malicious functions from being executed with the permissions
335+
of unsuspecting users
336+
<p> Index functions are safe, so VACUUM and ANALYZE are safe too.
337+
Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
338+
<ahref="http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php">http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php</a>
333339
</p>
334340
</li></ul>
335341
<h1><aname="section_5">Multi-Language Support</a></h1>
@@ -367,8 +373,7 @@ <h1><a name="section_5">Multi-Language Support</a></h1>
367373
</li><li>Set client encoding based on the client operating system encoding
368374
<p> Currently client_encoding is set in postgresql.conf, which
369375
defaults to the server encoding.
370-
</p>
371-
<p><ahref="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
376+
<ahref="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
372377
</p>
373378
</li></ul>
374379
<h1><aname="section_6">Views / Rules</a></h1>

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp