< * Allow easy display of usernames in a group
> * -Allow easy display of usernames in a group
88,89d87
< * -Delay resolution of array expression type so assignment coercion
< can be performed on empty array expressions (Joe)
94c92,94
< o Support construction of array result values in expressions
> o -Support construction of array result values in expressions (Joe)
> o Delay resolution of array expression type so assignment coercion
> can be performed on empty array expressions (Joe)
148c148
< * Allow LIKE indexing optimization for non-ASCII locales
> * -Allow LIKE indexing optimization for non-ASCII locales using special index
173c173
< * Return proper effected tuple count from complex commands [return]
> * -Return proper effected tuple count from complex commands [return]
236c236
< o Allow SHOW of non-modifiable variables, like pg_controldata
> o -Allow SHOW of some non-modifiable variables, like pg_controldata
257a258
> o Add capability to create and call PROCEDURES
272c273
<
> * Allow psql \du to show groups, and add \dg for groups
424c425
< * Improve Subplan list handling
> * -Improve Subplan list handling
< o Allow array declarations and other data types in PL/PgSQL DECLARE
> o -Allow array declarations and other data types in PL/PgSQL DECLARE
254c254
< o Allow PL/PgSQL to support array element assignment
> o -Allow PL/PgSQL to support array element assignment (Joe)
< * Allow elog() to return error codes, module name, file name, line
< number, not just messages (Peter E)
< * Add error codes (Peter E)
< * Make error messages more consistent [error]
> * -Allow elog() to return error codes, module name, file name, line
> number, not just messages (Tom)
> * -Add error codes (Tom)
> * -Make error messages more consistent
40c40
< * Add GUC log_statement_and_duration to print statement and >= min duration
> * -Add GUC log_statement_and_duration to print statement and >= min duration
84c84
< * Allow current datestyle to restrict dates; prevent month/day swapping
> * -Allow current datestyle to restrict dates; prevent month/day swapping
86c86
< * Prevent month/day swapping of ISO dates to make invalid dates valid
> * -Prevent month/day swapping of ISO dates to make invalid dates valid
88c88
< * Delay resolution of array expression type so assignment coercion
> * -Delay resolution of array expression type so assignment coercion
93c93
< o Allow arrays to be ORDER'ed
> o -Allow arrays to be ORDER'ed
116c116
< * Remove Cyrillic recode support
> * -Remove Cyrillic recode support
144c144
< * Certain indexes will not shrink, e.g. indexes on ever-increasing
> * -Certain indexes will not shrink, e.g. indexes on ever-increasing
185c185
< * Have SELECT '13 minutes'::interval display zero seconds in ISO datestyle
> * -Have SELECT '13 minutes'::interval display zero seconds in ISO datestyle
196c196
< o -Add ALTER TABLE tab SET WITHOUT OIDS (Rod)
> o --Add ALTER TABLE tab SET WITHOUT OIDS (Rod)
221c221
< stored in the backend
> stored in the backend (Gavin)
235c235
< o Allow EXPLAIN EXECUTE to see prepared plans
> o -Allow EXPLAIN EXECUTE to see prepared plans
241d240
< o Add untrusted version of plpython
265c264
< * Allow psql to show transaction status if backend protocol changes made
> * -Allow psql to show transaction status if backend protocol changes made
272,273c271,272
< * Modify pg_get_triggerdef() to take a boolean to pretty-print,
< and use that as part of pg_dump along with psql
> * -Modify pg_get_triggerdef() to take a boolean to pretty-print,
> and use that as part of pg_dump along with psql
292c291
< o Add SQLSTATE
> o -Add SQLSTATE
296c295
< o Implement SQLDA (do we really need this?)
> o -Implement SQLDA
364d362
< * Allow binding query args over FE/BE protocol
378c376,377
< * Provide automatic running of vacuum in the background (Tom) [vacuum]
> * Provide automatic running of vacuum in the background in backend
> rather than in /contrib [vacuum]
427c426
< * Allow Subplans to use efficient joins(hash, merge) with upper variable
> * -Allow Subplans to use efficient joins(hash, merge) with upper variable
429c428
< * Allow merge and hash joins on expressions not just simple variables (Tom)
> * -Allow merge and hash joins on expressions not just simple variables (Tom)
474c473
< * Remove memory/file descriptor freeing befor elog(ERROR) (Bruce)
> * Remove memory/file descriptor freeing before ereport(ERROR) (Bruce)
489,490c488,489
< o Show transaction status in psql
< o Allow binding of query parameters, support for prepared queries
> o -Show transaction status in psql
> o -Allow binding of query parameters, support for prepared queries
492,494c491,493
< o Remove hard-coded limits on user/db/password names
< o Remove unused elements of startup packet (unused, tty, passlength)
< o Fix COPY/fastpath protocol?
> o -Remove hard-coded limits on user/db/password names
> o -Remove unused elements of startup packet (unused, tty, passlength)
> o -Fix COPY/fastpath protocol
496,497c495
< o Replication support?
< o Error codes
> o -Error codes
500d497
< o ecpg improvements?
503c500
< o Report server version number, database encoding, client encoding
> o -Report server version number, database encoding, client encoding
encountered; per bug report from Christian van der Leeden 8/7/03.
Also, adjust larger/smaller routines (MAX/MIN) to share code with
comparisons for timestamp, interval, timetz.
getopt_long(). This is more or less the same problem as we saw earlier
with getaddrinfo() and struct addrinfo, and for the same reason: random
user-added libraries might contain the subroutine, but there's no
guarantee we will find the matching header files.
subplan it starts with, as they may be needed at upper join levels.
See comments added to code for the non-obvious reason why. Per bug report
from Robert Creager.
reduces the number of concurrent processes launched during parallel
regression tests, possibly avoiding failures such as exceeding a user's
max number of processes. This essentially completes the reversion
of 1.27->1.28.
vulnerability. This fix completely removes the ability (hack) of being able
to bind a list of values in an in clause. It was demonstrated that by allowing
that functionality you open up the possibility for certain types of
sql injection attacks. The previous fix attempts all focused on preventing
the insertion of additional sql statements (the semi-colon problem:
xxx; any new sql statement here). But that still left the ability to
change the where clause on the current statement or perform a subselect
which can circumvent applicaiton security logic and/or allow you to call
any stored function.
Modified Files:
jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
he supplied a few months ago, but didn't get around to docing until now. And
he also added some doc for calling stored functions in general from jdbc that was missing.
Modified Files:
sgml/jdbc.sgml