Add:

> * Prevent malicious functions from being executed with the permissions > of unsuspecting users > > Index functions are safe, so VACUUM and ANALYZE are safe too. > Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable. > http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
2025-01-30 19:00:29 +08:00 · 2008-03-06 17:19:38 +00:00 · 2008-03-06 17:19:38 +00:00 · 0083856e01
commit 0083856e01
parent 7ec66eab88
2 changed files with 24 additions and 9 deletions
--- a/doc/TODO
+++ b/doc/TODO
@ -1,7 +1,7 @@
 PostgreSQL TODO List
 ====================
 Current maintainer:	Bruce Momjian (bruce@momjian.us)
-Last updated:		Wed Mar  5 22:22:28 EST 2008
+Last updated:		Thu Mar  6 12:19:28 EST 2008

 The most recent version of this document can be viewed at
 http://www.postgresql.org/docs/faqs.TODO.html.
@ -151,8 +151,6 @@ Administration
 	    http://archives.postgresql.org/pgsql-hackers/2006-12/msg00497.php


-
-
 Data Types
 ==========

@ -307,7 +305,6 @@ Data Types
 	* Allow MONEY to be easily cast to/from other numeric data types


-
 Functions
 =========

@ -370,6 +367,12 @@ Functions

  http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php

+* Prevent malicious functions from being executed with the permissions
+  of unsuspecting users
+
+  Index functions are safe, so VACUUM and ANALYZE are safe too. 
+  Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
+  http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php


 Multi-Language Support
@ -412,7 +415,6 @@ Multi-Language Support

  Currently client_encoding is set in postgresql.conf, which
  defaults to the server encoding.
-
  http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php


@ -740,6 +742,7 @@ Referential Integrity
  http://archives.postgresql.org/pgsql-hackers/2006-09/msg01458.php


+
 Server-Side Languages
 =====================

@ -788,6 +791,7 @@ Server-Side Languages
 	  http://archives.postgresql.org/pgsql-hackers/2007-05/msg00289.php


+
 Clients
 =======

@ -929,6 +933,8 @@ Clients

 	  http://archives.postgresql.org/pgsql-hackers/2007-03/msg01803.php

+
+
 Triggers
 ========

@ -1072,6 +1078,7 @@ Fsync
 * Add program to test if fsync has a delay compared to non-fsync


+
 Cache Usage
 ===========

@ -1131,7 +1138,6 @@ Cache Usage



-
 Vacuum
 ======

@ -1188,6 +1194,7 @@ Vacuum
 	  http://archives.postgresql.org/pgsql-general/2007-06/msg01645.php


+
 Locking
 =======

@ -1220,6 +1227,7 @@ Locking



+
 Startup Time Improvements
 =========================

@ -1232,6 +1240,7 @@ Startup Time Improvements
  a single session using multiple threads to execute a statement faster.


+
 Write-Ahead Log
 ===============

@ -1388,6 +1397,7 @@ Miscellaneous Performance
  concurrent reads from multiple devices in a partitioned table.


+
 Source Code
 ===========

--- a/doc/src/FAQ/TODO.html
+++ b/doc/src/FAQ/TODO.html
@ -8,7 +8,7 @@
 <body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF">
 <h1><a name="section_1">PostgreSQL TODO List</a></h1>
 <p>Current maintainer:     Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/>
-Last updated:           Wed Mar  5 22:22:28 EST 2008
+Last updated:           Thu Mar  6 12:19:28 EST 2008
 </p>
 <p>The most recent version of this document can be viewed at<br/>
 <a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>.
@ -330,6 +330,12 @@ first.  There is also a developer's wiki at<br/>
 </p>
  </li><li>Implement Boyer-Moore searching in strpos()
 <p>  <a href="http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php">http://archives.postgresql.org/pgsql-patches/2007-08/msg00012.php</a>
+</p>
+  </li><li>Prevent malicious functions from being executed with the permissions
+  of unsuspecting users
+<p>  Index functions are safe, so VACUUM and ANALYZE are safe too. 
+  Triggers, CHECK and DEFAULT expressions, and rules are still vulnerable.
+  <a href="http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php">http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php</a>
 </p>
 </li></ul>
 <h1><a name="section_5">Multi-Language Support</a></h1>
@ -367,8 +373,7 @@ first.  There is also a developer's wiki at<br/>
  </li><li>Set client encoding based on the client operating system encoding
 <p>  Currently client_encoding is set in postgresql.conf, which
  defaults to the server encoding.
-</p>
-<p>  <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
+  <a href="http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php">http://archives.postgresql.org/pgsql-hackers/2006-08/msg01696.php</a>
 </p>
 </li></ul>
 <h1><a name="section_6">Views / Rules</a></h1>