Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!newsfeed.utanet.at!newscore.univie.ac.at!aconews-feed.univie.ac.at!aconews.univie.ac.at!not-for-mail
From: "Laurenz Albe"
Newsgroups: comp.databases.postgresql
References: <1308640710.210659@proxy.dienste.wien.at> <1308738638.232318@proxy.dienste.wien.at> <1308911383.819034@proxy.dienste.wien.at> <1309508018.14415@proxy.dienste.wien.at> <1309790420.3138@proxy.dienste.wien.at> <1309849143.243811@proxy.dienste.wien.at> <1309935622.273345@proxy.dienste.wien.at>
Subject: Re: Is PostgreSQL good?
Date: Thu, 7 Jul 2011 09:05:35 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5931
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6109
Organization: dienste.wien.at ISP
Message-ID: <1310022354.456735@proxy.dienste.wien.at>
X-Cache: nntpcache 2.3.3 (see http://www.nntpcache.org/)
Lines: 41
NNTP-Posting-Host: 141.203.254.23
X-Trace: 1310022356 aconews.univie.ac.at 38260 141.203.254.23
X-Complaints-To: abuse@univie.ac.at
Xref: x330-a1.tempe.blueboxinc.net comp.databases.postgresql:191

Don Y wrote:
> The sorts of relations are all predefined. A (cell phone) "user"
> could opt to add a name to his "contact list". Or, delete one.
> Or "edit" an existing contact. Or, purge the log of the least
> recent calls. etc.
>
> He might even want to add "another" contact list (named "business
> contacts"), etc.

This is pretty vague, but it sounds like nothing you need a
superuser account for. Keep administrative stuff (VACUUM, backups)
separate from the rest.

> But, he's not creating any arbitrary relations. And, the queries
> he'll run are predefined -- with "fill in the blank" parameters, etc.

Yup, that's exactly where the user can use SQL injection to
break into your database.

> I.e., if PostgreSQL can't keep the relations intact, then it has
> fundamental bugs (in which case, why would *anyone* be using it?).

You misunderstood me. PostgreSQL will keep its stuff consistent.
If somebody breaks into your database with a superuser account,
he or she can very consistently read and change everything in the
database, access the file system, and theoretically do anything with
your machine that the OS user has permissions to do.

> We'll see. AFAIK, it hasn't been tried on this large
> a scale previously (?) As I said, the things I'm expecting from
> the DBMS are probably different than what most users/DBA's would
> expect.

I don't want to play Cassandra here, but most of the people who
want to use software for something other than the intended use
become quite unhappy in the end.

Yours,
Laurenz Albe
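
Added example, not part of the original post: a predefined "fill in the blank" contact lookup built by string pasting, next to the same query with bound parameters. Python's built-in sqlite3 stands in for PostgreSQL so it runs offline; the table, function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: contact lists for two phone users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (owner TEXT, list_name TEXT, name TEXT, phone TEXT)")
    db.executemany("INSERT INTO contacts VALUES (?, ?, ?, ?)", [
        ("alice", "personal", "Bob", "555-0101"),
        ("alice", "personal", "O'Brien", "555-0104"),
        ("alice", "business contacts", "Carol", "555-0102"),
        ("dave", "personal", "Erin", "555-0103"),
    ])
    return db

def lookup_unsafe(db, owner, name):
    # Vulnerable "fill in the blank": user text is pasted into the SQL string,
    # so a quote character in `name` changes the structure of the statement.
    sql = f"SELECT name, phone FROM contacts WHERE owner = '{owner}' AND name = '{name}'"
    return db.execute(sql).fetchall()

def lookup_safe(db, owner, name):
    # Bound parameters: the statement text is fixed and the values travel
    # separately, so `name` is only ever compared as data.
    sql = "SELECT name, phone FROM contacts WHERE owner = ? AND name = ?"
    return db.execute(sql, (owner, name)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", lookup_unsafe(db, "alice", crafted))  # every user's rows
    print("safe:  ", lookup_safe(db, "alice", crafted))    # no match
    print("safe:  ", lookup_safe(db, "alice", "O'Brien"))  # legitimate apostrophe
    try:
        lookup_unsafe(db, "alice", "O'Brien")
    except sqlite3.OperationalError as exc:
        print("unsafe breaks on a legitimate name:", exc)
```

With a PostgreSQL driver the same separation applies; only the placeholder syntax differs (psycopg uses `%s` rather than `?`).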