Add:

> * Prevent malicious functions from being executed with the permissions > of unsuspecting users > > Index functions are safe, so VACUUM and ANALYZE are safe too. > Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable. > http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php

Add:
> * Prevent malicious functions from being executed with the permissions > of unsuspecting users > > Index functions are safe, so VACUUM and ANALYZE are safe too. > Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable. > http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
0083856e · Bruce Momjian · 7ec66eab · 0083856e · 0083856e
Commit 0083856e authored Mar 06, 2008 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 9 deletions

doc/TODO doc/TODO +16 -6

doc/src/FAQ/TODO.html doc/src/FAQ/TODO.html +8 -3

No files found.
--- a/doc/TODO
+++ b/doc/TODO
 PostgreSQL TODO List
 ====================
 Current maintainer:	Bruce Momjian (bruce@momjian.us)
-Last updated:		Wed Mar  5 22:22:28 EST 2008
+Last updated:		Thu Mar  6 12:19:28 EST 2008
 The most recent version of this document can be viewed at
 http://www.postgresql.org/docs/faqs.TODO.html.
@@ -151,8 +151,6 @@ Administration
 	    http://archives.postgresql.org/pgsql-hackers/2006-12/msg00497.php
 Data Types
 ==========
@@ -307,7 +305,6 @@ Data Types
 	* Allow MONEY to be easily cast to/from other numeric data types
 Functions
 =========
@@ -370,6 +367,12 @@ Functions
  http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php
+* Prevent malicious functions from being executed with the permissions
+  of unsuspecting users
+  Index functions are safe, so VACUUM and ANALYZE are safe too. 
+  Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
+  http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
 Multi-Language Support
@@ -412,7 +415,6 @@ Multi-Language Support
  Currently client_encoding is set in postgresql.conf, which
  defaults to the server encoding.
  http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php
@@ -740,6 +742,7 @@ Referential Integrity
  http://archives.postgresql.org/pgsql-hackers/2006-09/msg01458.php
 Server-Side Languages
 =====================
@@ -788,6 +791,7 @@ Server-Side Languages
 	  http://archives.postgresql.org/pgsql-hackers/2007-05/msg00289.php
 Clients
 =======
@@ -929,6 +933,8 @@ Clients
 	  http://archives.postgresql.org/pgsql-hackers/2007-03/msg01803.php
 Triggers
 ========
@@ -1072,6 +1078,7 @@ Fsync
 * Add program to test if fsync has a delay compared to non-fsync
 Cache Usage
 ===========
@@ -1131,7 +1138,6 @@ Cache Usage
 Vacuum
 ======
@@ -1188,6 +1194,7 @@ Vacuum
 	  http://archives.postgresql.org/pgsql-general/2007-06/msg01645.php
 Locking
 =======
@@ -1220,6 +1227,7 @@ Locking
 Startup Time Improvements
 =========================
@@ -1232,6 +1240,7 @@ Startup Time Improvements
  a single session using multiple threads to execute a statement faster.
 Write-Ahead Log
 ===============
@@ -1388,6 +1397,7 @@ Miscellaneous Performance
  concurrent reads from multiple devices in a partitioned table.
 Source Code
 ===========

--- a/doc/src/FAQ/TODO.html
+++ b/doc/src/FAQ/TODO.html
@@ -8,7 +8,7 @@
 <body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF">
 <h1><a name="section_1">PostgreSQL TODO List</a></h1>
 <p>Current maintainer:     Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/>
-Last updated:           Wed Mar  5 22:22:28 EST 2008
+Last updated:           Thu Mar  6 12:19:28 EST 2008
 </p>
 <p>The most recent version of this document can be viewed at<br/>
 <a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>.
@@ -330,6 +330,12 @@ first.  There is also a developer's wiki at<br/>
 </p>
  </li><li>Implement Boyer-Moore searching in strpos()
 <p>  <a href="http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php">http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php</a>
+</p>
+  </li><li>Prevent malicious functions from being executed with the permissions
+  of unsuspecting users
+<p>  Index functions are safe, so VACUUM and ANALYZE are safe too. 
+  Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
+  <a href="http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php">http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php</a>
 </p>
 </li></ul>
 <h1><a name="section_5">Multi-Language Support</a></h1>
@@ -367,8 +373,7 @@ first.  There is also a developer's wiki at<br/>
  </li><li>Set client encoding based on the client operating system encoding
 <p>  Currently client_encoding is set in postgresql.conf, which
  defaults to the server encoding.
-</p>
+  <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
-<p>  <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
 </p>
 </li></ul>
 <h1><a name="section_6">Views / Rules</a></h1>