Re: [GENERAL] Security implications of (plpgsql) functions
Doug McNaught <doug@wireboard.com>
From: Doug McNaught <doug@wireboard.com>
To: Joe Conway <mail@joeconway.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Bruce Momjian <pgman@candle.pha.pa.us>, Marcin Owsiany <marcin@owsiany.pl>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2002-10-21T16:27:20Z
Lists: pgsql-hackers, pgsql-general
Joe Conway <mail@joeconway.com> writes: > Tom Lane wrote: > > A depth limit for PL-function recursion is perhaps feasible, but I can't > > say that I care for it a whole lot ... anyone have better ideas? > > > > Is there any way to recognize infinite recursion by analyzing the > saved execution tree -- i.e. can we assume that a function that calls > itself, with the same arguments with which it was called, constitutes > infinite recursion? Solved the halting problem lately? ;) Someone determined to DoS could probably get around any practical implementation of your idea, using dummy argument, mutual recursion or whatever. -Doug