Re: [GENERAL] Security implications of (plpgsql) functions

Doug McNaught <doug@wireboard.com>

From: Doug McNaught <doug@wireboard.com>
To: Joe Conway <mail@joeconway.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Bruce Momjian <pgman@candle.pha.pa.us>, Marcin Owsiany <marcin@owsiany.pl>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2002-10-21T16:27:20Z
Lists: pgsql-hackers, pgsql-general
Joe Conway <mail@joeconway.com> writes:

> Tom Lane wrote:
> > A depth limit for PL-function recursion is perhaps feasible, but I can't
> > say that I care for it a whole lot ... anyone have better ideas?
> >
> 
> Is there any way to recognize infinite recursion by analyzing the
> saved execution tree -- i.e. can we assume that a function that calls
> itself, with the same arguments with which it was called, constitutes
> infinite recursion?

Solved the halting problem lately?  ;)

Someone determined to DoS could probably get around any practical
implementation of your idea, using dummy argument, mutual recursion or
whatever. 

-Doug