| From: | Thomas Lockhart <lockhart(at)alumni(dot)caltech(dot)edu> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Postgres Hackers List <hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCHES] createdb/dropdb fixes |
| Date: | 1999-12-14 14:21:35 |
| Message-ID: | 3856526F.F0742344@alumni.caltech.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> All I really wanted to do is fix TODO item
> * database names with spaces fail
> but that is already taken care of, they work fine. Please check it off.
> Meanwhile, database names with single quotes in names don't work very well
> at all, and because of shell quoting rules this can't be fixed, so I put
> in error messages to that end.
That seems to be a bit heavy handed; why bother disallowing things in
the backend because some (small number of) shell-based tools have
trouble as clients? I'd prefer filtering that at the client end, and
allowing capable clients to do whatever they please.
There is a related issue which afaik no one has addressed yet: the
permissions ACLs are stored as a string with a format like
"accountname=permissions" (doing this from memory, so the details may
be wrong) but with quoting allowed for table names and user names one
could embed an equals sign into an account or group name and muck with
permissions. I haven't looked at the code in a long time, but was
thinking about recoding ACLs as a two-field type to enforce an
unambigous interpretation of the two fields. Interested??
- Thomas
--
Thomas Lockhart lockhart(at)alumni(dot)caltech(dot)edu
South Pasadena, California
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Lockhart | 1999-12-14 14:34:33 | Re: [HACKERS] libpq questions...when threads collide |
| Previous Message | Zeugswetter Andreas SB | 1999-12-14 11:16:24 | AW: [HACKERS] Create Group |