diff options
| author | Bruce Momjian <bruce@momjian.us> | 2008-03-06 17:19:38 +0000 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2008-03-06 17:19:38 +0000 |
| commit | 0083856e013410686ba187a7a9ad7133471ee50b (patch) | |
| tree | cc08050ed6b90e08a11ebbe059931facaba44fbe /doc/src | |
| parent | 7ec66eab88e0d4868e160ccdee7ab9b58bc5d097 (diff) | |
Add:
> * Prevent malicious functions from being executed with the permissions
> of unsuspecting users
>
> Index functions are safe, so VACUUM and ANALYZE are safe too.
> Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
> http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/FAQ/TODO.html | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/doc/src/FAQ/TODO.html b/doc/src/FAQ/TODO.html index 936b68968a4..c1a90974eb7 100644 --- a/doc/src/FAQ/TODO.html +++ b/doc/src/FAQ/TODO.html @@ -8,7 +8,7 @@ <body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF"> <h1><a name="section_1">PostgreSQL TODO List</a></h1> <p>Current maintainer: Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/> -Last updated: Wed Mar 5 22:22:28 EST 2008 +Last updated: Thu Mar 6 12:19:28 EST 2008 </p> <p>The most recent version of this document can be viewed at<br/> <a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>. @@ -331,6 +331,12 @@ first. There is also a developer's wiki at<br/> </li><li>Implement Boyer-Moore searching in strpos() <p> <a href="http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php">http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php</a> </p> + </li><li>Prevent malicious functions from being executed with the permissions + of unsuspecting users +<p> Index functions are safe, so VACUUM and ANALYZE are safe too. + Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable. + <a href="http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php">http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php</a> +</p> </li></ul> <h1><a name="section_5">Multi-Language Support</a></h1> @@ -367,8 +373,7 @@ first. There is also a developer's wiki at<br/> </li><li>Set client encoding based on the client operating system encoding <p> Currently client_encoding is set in postgresql.conf, which defaults to the server encoding. -</p> -<p> <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a> + <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a> </p> </li></ul> <h1><a name="section_6">Views / Rules</a></h1> |