James William Pye <[EMAIL PROTECTED]> writes:
> On Sat, Feb 25, 2006 at 06:36:19PM -0300, Alvaro Herrera wrote:
>> I'm not sure it's an issue now that we have pg_pltemplate, but in older
>> versions it's possible to create a language without setting a validator.
>> This would make the validator an unsuitable place for checking the
>> restrictions.
> Hrm. I think this would only be an issue in PL/Py is if the user had the
> ability
> to alter probin. The handler will never directly execute code in prosrc; it
> relies on a validator to fill in probin.
That design is broken on its face, as the system does not guarantee to
call the validator.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
