Re: tsearch_core patch: permissions and security issues

On Thu, 14 Jun 2007, Gregory Stark wrote:

> "Teodor Sigaev" <teodor(at)sigaev(dot)ru> writes:
>
>>>> But they still need some more thought about permissions, because AFAICS
>>>> mucking with a configuration can invalidate some other user's data.
>>>
>>> ouch. could mucking with a configuration create a corrupt index?
>>
>> Depending on what you mean 'corrupted'. It will not corrupted as non-readable
>> or cause backend crash. But usage of such tsvector column could be limited -
>> not all words will be searchable.
>
> Am I correct to think of this like changing collations leaving your btree
> index "corrupt"? In that case it probably won't cause any backend crash either
> but you will get incorrect results. For example, returning different results
> depending on whether the index or a full table scan is used.

You're correct. But we can't defend users from all possible errors.
Other side, that we need somehow to help user to identify what fts
configuration was used to produce tsvector. For example, comment on
tsvector column would be useful, but we don't know how to do this
automatically.

Regards,
Oleg
_____________________________________________________________
Oleg Bartunov, Research Scientist, Head of AstroNet (www.astronet.ru),
Sternberg Astronomical Institute, Moscow University, Russia
Internet: oleg(at)sai(dot)msu(dot)su, http://www.sai.msu.su/~megera/
phone: +007(495)939-16-83, +007(495)939-23-83