I left out a few words there.

On Mon, Oct 6, 2014 at 3:07 PM, Robert Haas <robertmh...@gmail.com> wrote:
>> Hmm, that's certainly an interesting point, but I'm trying to work out
>> how this is different from normal COPY..? pg_analyze_and_rewrite()
>> happens for both cases down in BeginCopy().
>
> As far as I can see, the previous code only looked up any given name
> once. If you got a relation name, DoCopy() looked it up, and then
> BeginCopy() references it only by the passed-down Relation descriptor;
> if you got a query, DoCopy() ignores it, and then BeginCopy.

...passes it to pg_analyze_and_rewrite(), which looks up any names it contains.

> All of
> which is fine, at least AFAICS; if you think otherwise, that should be
> reported to pgsql-security. The problem with your code is that you
> start with a relation name (and thus look it up in DoCopy()) and then
> construct a query (which causes the name to be looked up again when
> the query is passed to pg_analyze_and_rewrite() from BeginCopy()) --
> and the lookup might not get the same answer both times. That is, not
> to put too fine a point on it, bad news.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
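
The double lookup described in the message above, shown as an added example that is not part of the original e-mail and is not PostgreSQL code. The toy catalog, the OIDs, the `may_read` flag (a stand-in for whatever was checked at the first lookup) and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy catalog (not PostgreSQL code). may_read is a hypothetical
 * flag standing in for whatever was validated at the first name lookup. */
typedef struct { const char *name; unsigned oid; int may_read; } Rel;
static Rel catalog[2];

static void catalog_reset(void) {
    catalog[0] = (Rel){"t", 1001, 1};        /* relation the caller named   */
    catalog[1] = (Rel){"t_secret", 1002, 0}; /* a different relation        */
}
static const Rel *by_name(const char *n) {
    for (int i = 0; i < 2; i++)
        if (strcmp(catalog[i].name, n) == 0) return &catalog[i];
    return NULL;
}
static const Rel *by_oid(unsigned oid) {
    for (int i = 0; i < 2; i++)
        if (catalog[i].oid == oid) return &catalog[i];
    return NULL;
}
/* Stand-in for a concurrent session renaming relations between lookups. */
static void concurrent_rename(void) {
    catalog[0].name = "t_old";
    catalog[1].name = "t";
}
/* Pattern the message objects to: the name is resolved, checked, and then
 * resolved a second time. Returns the OID that is actually operated on. */
static unsigned copy_two_lookups(const char *n) {
    const Rel *checked = by_name(n);
    if (!checked || !checked->may_read) return 0;
    concurrent_rename();                 /* name now maps to another OID    */
    const Rel *used = by_name(n);        /* second lookup, different answer */
    return used ? used->oid : 0;
}
/* Single lookup: resolve once, then refer to the relation by identity only. */
static unsigned copy_one_lookup(const char *n) {
    const Rel *checked = by_name(n);
    if (!checked || !checked->may_read) return 0;
    unsigned oid = checked->oid;
    concurrent_rename();
    const Rel *used = by_oid(oid);       /* same relation that was checked  */
    return used ? used->oid : 0;
}
int main(void) {
    catalog_reset(); printf("two lookups -> oid %u\n", copy_two_lookups("t"));
    catalog_reset(); printf("one lookup  -> oid %u\n", copy_one_lookup("t"));
    return 0;
}
```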