From 0083856e013410686ba187a7a9ad7133471ee50b Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Thu, 6 Mar 2008 17:19:38 +0000 Subject: Add: > * Prevent malicious functions from being executed with the permissions > of unsuspecting users > > Index functions are safe, so VACUUM and ANALYZE are safe too. > Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable. > http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php --- doc/src/FAQ/TODO.html | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'doc/src') diff --git a/doc/src/FAQ/TODO.html b/doc/src/FAQ/TODO.html index 936b68968a4..c1a90974eb7 100644 --- a/doc/src/FAQ/TODO.html +++ b/doc/src/FAQ/TODO.html @@ -8,7 +8,7 @@

PostgreSQL TODO List

Current maintainer: Bruce Momjian (bruce@momjian.us)
-Last updated: Wed Mar 5 22:22:28 EST 2008 +Last updated: Thu Mar 6 12:19:28 EST 2008

The most recent version of this document can be viewed at
http://www.postgresql.org/docs/faqs.TODO.html. @@ -330,6 +330,12 @@ first. There is also a developer's wiki at

Implement Boyer-Moore searching in strpos()

http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php +

Prevent malicious functions from being executed with the permissions + of unsuspecting users +

Index functions are safe, so VACUUM and ANALYZE are safe too. + Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable. + http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php

Multi-Language Support

@@ -367,8 +373,7 @@ first. There is also a developer's wiki at

Set client encoding based on the client operating system encoding

Currently client_encoding is set in postgresql.conf, which defaults to the server encoding. -

http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php + http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php

Views / Rules

-- cgit v1.2.3