Re: BUG #17767: psql: tab-completion causes warnings when standard_conforming_strings = off

Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> writes:
> On 2023-Feb-06, Tom Lane wrote:
>> I think removing standard_conforming_strings = off might be a
>> bridge too far, even yet. Or were you speaking of removing
>> escape_string_warning? I could get behind that perhaps.
>> Making it default to off could be an even easier sell.

> I was thinking we'd remove them together. Anybody who is running
> standard_conforming_strings=off will need the warning so that they can
> find the places they need to touch in order to migrate. Keeping the
> ability to run nonstandard strings but without the ability to have the
> warnings would be dangerous, because then there's no easy way to
> upgrade.

Yeah, that's true. So then the question is do we have any desire
to kill off standard_conforming_strings=off altogether?

You could certainly make an argument that doing so would be a net
security improvement, because it's likely that by now there are a
ton of applications that aren't careful with backslashes and will
have SQL-injection hazards if run under standard_conforming_strings=off.
Whether that argument will placate the people who don't want to
change their existing s_c_s=off-dependent apps, I dunno.

> (I agree BTW with the idea that running psql with non-standard strings
> and the warnings enabled is not something that we need to support
> specifically.)

Yeah, just changing the e_s_w default to "off" might be easiest.

regards, tom lane