[Pljava-dev] [HACKERS] Re: Should creating a new base type require superuser status?
Kris Jurka
books at ejurka.com
Wed Feb 18 07:34:48 UTC 2009
Thomas Hallgren wrote:
> Kris Jurka wrote:
>>
>> 3) By value: pljava does not correctly handle passed by value types
>> correctly, allowing access to random memory.
>>
> This is simply not true. There's no way a Java developer can access
> random memory through PL/Java.
No, the point is that the Java developer can provide some data which can
convince postgresql to fetch random data for the user.
Consider the attached type which is simply an int4 equivalent.
Depending on how you define it as passed by value or passed by reference
it will or will not work (attached).
This looks like it works:
jurka=# select '1'::intbyref, '2'::intbyval;
intbyref | intbyval
----------+----------
1 | 2
(1 row)
But it doesn't really:
jurka=# create table inttest (a intbyref, b intbyval);
CREATE TABLE
jurka=# insert into inttest values ('1', '2');
INSERT 0 1
jurka=# select * from inttest;
a | b
---+------------
1 | 2139062143
(1 row)
You can also get:
jurka=# select * from inttest;
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
Kris Jurka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Int.java
Type: text/x-java
Size: 1171 bytes
Desc: not available
Url : http://pgfoundry.org/pipermail/pljava-dev/attachments/20090217/c23cea9c/attachment.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: create_passed_by_value.sql
Type: text/x-sql
Size: 1288 bytes
Desc: not available
Url : http://pgfoundry.org/pipermail/pljava-dev/attachments/20090217/c23cea9c/attachment-0001.bin
More information about the Pljava-dev
mailing list