Re: [HACKERS] Re: Interesting Atricle
On Sat, Jun 02, 2001 at 10:59:20AM -0400, Vince Vielhaber wrote: On Fri, 1 Jun 2001, Bruce Momjian wrote: Thought some people might find this article interesting. http://www.zend.com/zend/art/databases.php The only interesting thing I noticed is how fast it crashes my Netscape-4.76 browser ;) Yours too? I turned off Java/Javascript to get it to load and I am on BSD/OS. Strange it so univerally crashes. Really odd. I have Java/Javascript with FreeBSD and Netscape 4.76 and read it just fine. One difference tho probably, I keep style sheets shut off. Netscape crashes about 1% as often as it used to. This is getting off-topic, but ... I keep CSS, Javascript, Java, dynamic fonts, and images turned off, and Netscape 4.77 stays up for many weeks at a time. I also have no Flash plugin. All together it makes for a far more pleasant web experience. I didn't notice any problem with the Zend page. Nathan Myers [EMAIL PROTECTED] ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [HACKERS] Re: Interesting Atricle
On Mon, Jun 04, 2001 at 04:55:13PM -0400, Bruce Momjian wrote: This is getting off-topic, but ... I keep CSS, Javascript, Java, dynamic fonts, and images turned off, and Netscape 4.77 stays up for many weeks at a time. I also have no Flash plugin. All together it makes for a far more pleasant web experience. I didn't notice any problem with the Zend page. You are running no images! You may as well have Netscape minimized and say it is running for weeks. :-) Over 98% of the images on the web are either pr0n or wankage. If you don't need to see that, you can save a lot of time. But it's usually Javascript that crashes Netscape. (CSS appears to be implemented using Javascript, because if you turn off Javascript, then CSS stops working (and crashing).) That's not to say that Java doesn't also crash Netscape; it's just that pages with Java in them are not very common. There's little point in bookmarking a site that depends on client-side Javascript or Java, because it won't be up for very long. But this is *really* off topic, now. Nathan Myers [EMAIL PROTECTED] ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
[HACKERS] Curious (mis)behavior of access rights
A question from Joe Mitchell led me to investigate some access-checking
behavior that seems kinda broken. Currently, when aclinsert3() creates
a new entry in an ACL list, it effectively initializes the entry with
the current PUBLIC access rights, rather than with zero rights. Thus:
regression=# create user u1;
CREATE USER
regression=# create table t1 (f1 int);
CREATE
regression=# grant select on t1 to public;
CHANGE
regression=# grant update on t1 to u1;
CHANGE
regression=# \z t1
Access permissions for database regression
Relation |Access permissions
--+---
t1 | {=r,postgres=arwdRxt,u1=rw}
(1 row)
Notice it says u1=rw, not just u1=w which is what one might expect.
The reason why it does this, apparently, is that when aclcheck() finds a
match on userid, it stops with that ACL entry and doesn't look at any
group or world entries. So, if I now do
regression=# revoke select on t1 from u1;
CHANGE
regression=# \z t1
Access permissions for database regression
Relation |Access permissions
--+--
t1 | {=r,postgres=arwdRxt,u1=w}
(1 row)
I now have a situation where u1 can't read t1, even though the rest of
the world can:
regression= select * from t1;
ERROR: t1: Permission denied.
This is inconsistent because the same does not hold true for privileges
granted via groups. aclcheck will succeed if *any* group you are in
has the desired privilege, *or* if PUBLIC does. Thus:
regression=# create group g1 with user u1;
CREATE GROUP
regression=# create table t2 (f1 int);
CREATE
regression=# grant select on t2 to public;
CHANGE
regression=# grant update on t2 to group g1;
CHANGE
regression=# \z t2
Access permissions for database regression
Relation | Access permissions
--+-
t2 | {=r,postgres=arwdRxt,group g1=rw}
(1 row)
(At this point u1 is able to read t2)
regression=# revoke select on t2 from group g1;
CHANGE
regression=# \z t2
Access permissions for database regression
Relation | Access permissions
--+
t2 | {=r,postgres=arwdRxt,group g1=w}
(1 row)
(At this point u1 is still able to read t2)
Another problem is that if you do
grant select to public;
grant update to u1;
revoke select from public;
you will find that u1 still has select rights, which is undoubtedly
not what you wanted.
I believe that a more consistent approach would be to say that a user's
privileges are the union of what is granted directly to himself, to any
group he is currently a member of, and to PUBLIC. So if aclcheck
doesn't see the desired privilege granted in the user entry (if found),
it has to continue on looking at groups and then world, not just fail.
And aclinsert3 should initialize new entries to zero access rights, not
copy PUBLIC.
The only downside of this is that we'd lose the feature of being able
to revoke from a particular user a right that is available via PUBLIC to
everyone else. I'm not convinced that that behavior has any real use,
and certainly keeping it doesn't seem important compared to making these
other behaviors more reasonable. That feature doesn't work reliably
anyway, since ACL entries are dropped as soon as they go to zero rights.
Comments, objections?
regards, tom lane
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster
[HACKERS] Mirrors not tracking main ftp site?
On hub, in /home/projects/pgsql/ftp/pub/dev I see *.tar.gz.md5postgresql-opt-snapshot.tar.gz doc postgresql-opt-snapshot.tar.gz.md5 postgresql-base-snapshot.tar.gz postgresql-snapshot.tar.gz postgresql-base-snapshot.tar.gz.md5 postgresql-snapshot.tar.gz.md5 postgresql-docs-snapshot.tar.gz postgresql-test-snapshot.tar.gz postgresql-docs-snapshot.tar.gz.md5 postgresql-test-snapshot.tar.gz.md5 which agrees with the view at http://www.ca.postgresql.org/ftpsite/dev/. However, it seems that the mirrors have a lot more stuff: ftp://postgresql.readysetnet.com/pub/postgresql/dev/ shows dozens of files back to 7.1beta6, and so do the other several I checked in a random sample. Is the update mechanism failing to cause old files to be removed from the mirrors? Also, some of the mirrors claimed to be up-to-date by http://www.postgresql.org/index.html aren't. Fr instance, download.sourceforge.net doesn't have 7.1.1 nor 7.1.2. I thought that the up-to-date check was automated? regards, tom lane ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster
Re: [HACKERS] Question about inheritance
On Tue, 5 Jun 2001, Christopher Kings-Lynne wrote: Hi guys, It's relatively straightforward to allow check constraints to be inherited - but is it really possible to ever do the same with primary, unique or even foreign constraints? ie. Say a table has a primary key and I inherit from this table. Since the primary key is an index on the parent table, I could just create another index on the child table, on the same column. However - because we are dealing with two separate indices, it should still be possible to insert duplicate values into the parent table and the child table shouldn't it? This means that when a query is run over the parent table that includes results from the child table then you will get duplicate results in a supposedly primary index. Similar arguments seem to apply to unique and foreign constraints. If you could use aggregate functions in check constraints - you'd have another problem. And if asserts were ever implemented - same thing... Am I misunderstanding how the mechanism works, or is this a big, not easily solved, problem? It's a big deal. Actually check constraints have a similar problem if you allow inherited constraints to be dropped. Why does 'select * from base;' give me rows where value10 since there's a check value=10 on the table? As Tom said, the unique constraint thing is still questionable which is the more meaningful semantics. If we ever want to allow foreign key constraints to inheritance trees, we need *some* way to guarantees uniqueness across the tree even if that isn't through the unique constraint. ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://www.postgresql.org/search.mpl
[HACKERS] Another pgindent gripe
Why does pgindent sometimes insert whitespace into the return type
part of a function definition? Here's an example from the last
pgindent run:
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/optimizer/plan/createplan.c,v
retrieving revision 1.103
retrieving revision 1.104
diff -c -r1.103 -r1.104
*** pgsql/src/backend/optimizer/plan/createplan.c 2001/01/24 19:42:58 1.103
--- pgsql/src/backend/optimizer/plan/createplan.c 2001/03/22 03:59:36 1.104
***
*** 1493,1499
return make_sort(sort_tlist, lefttree, numsortkeys);
}
! Material *
make_material(List *tlist, Plan *lefttree)
{
Material *node = makeNode(Material);
--- 1495,1501
return make_sort(sort_tlist, lefttree, numsortkeys);
}
! Material *
make_material(List *tlist, Plan *lefttree)
{
Material *node = makeNode(Material);
regards, tom lane
---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
