Skip to content
Snippets Groups Projects
Select Git revision
  • benchmark-tools
  • postgres-lambda
  • master default
  • REL9_4_25
  • REL9_5_20
  • REL9_6_16
  • REL_10_11
  • REL_11_6
  • REL_12_1
  • REL_12_0
  • REL_12_RC1
  • REL_12_BETA4
  • REL9_4_24
  • REL9_5_19
  • REL9_6_15
  • REL_10_10
  • REL_11_5
  • REL_12_BETA3
  • REL9_4_23
  • REL9_5_18
  • REL9_6_14
  • REL_10_9
  • REL_11_4
23 results
Blame Permalink
  • Tom Lane's avatar
    3bf822c4
    Disable the undocumented xmlvalidate() function, which was unintentionally · 3bf822c4
    Tom Lane authored 
    left in the code though it was not meant to be provided.  It represents a
security hole because unprivileged users could use it to look at (at least the
first line of) any file readable by the backend.  Fortunately, this is only
possible if the backend was built with XML support, so the damage is at least
mitigated; and 8.3 probably hasn't propagated into any security-critical uses
yet anyway.  Per report from Sergey Burladyan.
    3bf822c4
    History
    Disable the undocumented xmlvalidate() function, which was unintentionally
    Tom Lane authored 
    left in the code though it was not meant to be provided.  It represents a
security hole because unprivileged users could use it to look at (at least the
first line of) any file readable by the backend.  Fortunately, this is only
possible if the backend was built with XML support, so the damage is at least
mitigated; and 8.3 probably hasn't propagated into any security-critical uses
yet anyway.  Per report from Sergey Burladyan.