| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com> |
| Cc: | cmarin(at)dims(dot)com, "Pgsql-General-post (E-mail)" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: A creepy story about dates. How to prevent it? |
| Date: | 2003-06-18 20:41:57 |
| Message-ID: | 4028.1055968917@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"scott.marlowe" <scott(dot)marlowe(at)ihs(dot)com> writes:
> IMHO it is a bug. We don't let postgresql "guess" about a lot of more
> obvious things (i.e. int4 to int8 casting, etc...) and letting it guess
> about dates makes it non-ACID compliant.
How do you arrive at that conclusion?
> If it isn't a bug, how do I implement a check constraint to stop it from
> happening? I'd like to know my database accepts properly formatted input
> and rejects the rest. That's what the C in ACID means, right?
Do the checking in your application. Something you think is improperly
formatted probably shouldn't get to the database in the first place.
If you aren't doing any format checking at all, you're possibly
vulnerable to SQL injection attacks.
I do now seem to recall an agreement that a GUC switch to disable
date-interpretation guessing would be okay, though.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yusuf | 2003-06-18 20:58:32 | Performance differences using varchar, char and text |
| Previous Message | Michael Meskes | 2003-06-18 20:33:58 | Re: postgreSQL on NAS/SAN? |