| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Erik Rijkers <er(at)xs4all(dot)nl>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Changeset Extraction v7.6.1 |
| Date: | 2014-02-21 11:09:37 |
| Message-ID: | 20140221110937.GW28858@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2014-02-19 13:31:06 -0500, Robert Haas wrote:
> TBH, as compared to what you've got now, I think this mostly boils
> down to a question of quoting and escaping. I'm not really concerned
> with whether we ship something that's perfectly efficient, or that has
> filtering capabilities, or that has a lot of fancy bells and whistles.
> What I *am* concerned about is that if the user updates a text field
> that contains characters like " or ' or : or [ or ] or , that somebody
> might be using as delimiters in the output format, that a program can
> still parse that output format and reliably determine what the actual
> change was. I don't care all that much whether we use JSON or CSV or
> something custom, but the data that gets spit out should not have
> SQL-injection-like vulnerabilities.
If it's just that, I am *perfectly* happy to change it. What I do not
want is arguments like "I don't want the type information, that's
pointless" because it's actually really important for regression
testing.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ronan Dunklau | 2014-02-21 11:09:44 | Re: Proposal: IMPORT FOREIGN SCHEMA statement. |
| Previous Message | Andres Freund | 2014-02-21 11:07:22 | Re: Changeset Extraction v7.6.1 |