public inbox for [email protected]
help / color / mirror / Atom feedFrom: Dave Page <[email protected]>
To: Tom Lane <[email protected]>
Cc: Lars Olson <[email protected]>
Cc: [email protected]
Subject: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
Date: Mon, 31 Mar 2008 23:04:25 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
On Mon, Mar 31, 2008 at 10:46 PM, Tom Lane <[email protected]> wrote:
> If this were a security issue, you already spilled the beans by
> reporting it to a public mailing list; so I'm unsure what you are
> concerned about.
I'd wager that Lars didn't realise the bug form goes straight to the
list. We should probably make that more clear.
On the other hand it does say to report security issues to security@...
--
Dave Page
EnterpriseDB UK Ltd: http://www.enterprisedb.com
PostgreSQL UK 2008 Conference: http://www.postgresql.org.uk
view thread (6+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox