From: | Harald Armin Massa <harald(at)2ndQuadrant(dot)com> |
---|---|
To: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
Cc: | psycopg(at)postgresql(dot)org |
Subject: | Re: Stuff for 2.4.1 |
Date: | 2011-03-27 18:56:52 |
Message-ID: | AANLkTi=os+fpNj-gR6yW0hyZOycVUzxbPx1JD3CaQsMM@mail.gmail.com |
Lists: | psycopg |
Daniele,
as you found correctly, I was already bitten by that bytea-escape-bug.
The aftermath led to the PQlibVersion() function for libpq, committed
by Magnus @ http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=de9a4c27fefcc0d104bc9c97f4a93a49a25bf66d
> Please note that I have not written a parser for user input: this is a
> parser specifically used to receive data from the database and is only
> used to parse the bytea *output* format
> (http://www.postgresql.org/docs/9.0/static/datatype-binary.html)
> I would be very concerned in replacing PQescapeString/PQescapeBytea for
> the reason you mention, and I would never do it to gain performance:
your arguments are sound. And a line at "nothing from the user, just
stuff from the database" is a line correctly drawn. Parsing things
that come from the database should be safe.
Thanks for taking the time to answer my fears,
best wishes
Harald
--
Harald Armin Massa www.2ndQuadrant.com
PostgreSQL Training, Services and Support
2ndQuadrant Deutschland GmbH
GF: Harald Armin Massa
Amtsgericht Stuttgart, HRB 736399
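
An added example, not part of the original message and not psycopg's own code: a strict parser for the two bytea *output* formats described on the documentation page linked in the quoted text (hex and escape). The function name and the sample values are assumptions made for illustration; escaping of values sent to the server is deliberately out of scope and stays with libpq.

```python
import re

# One escaped octet in the "escape" output format: backslash + 3 octal digits,
# limited to \000..\377 so the value always fits in a byte.
_OCTAL = re.compile(rb"[0-3][0-7]{2}")


def parse_bytea_output(text: bytes) -> bytes:
    """Decode a bytea value as the server returns it in text mode.

    Hypothetical helper: handles only server *output*, never user input.
    Raises ValueError on anything the two documented formats do not allow.
    """
    # Hex format: "\x" followed by two hex digits per byte. In the escape
    # format a backslash is only ever followed by a backslash or octal
    # digits, so a leading "\x" identifies the hex format unambiguously.
    if text.startswith(b"\\x"):
        return bytes.fromhex(text[2:].decode("ascii"))

    out = bytearray()
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c != 0x5C:                       # ordinary printable octet
            out.append(c)
            i += 1
        elif text[i + 1:i + 2] == b"\\":    # "\\" is one literal backslash
            out.append(0x5C)
            i += 2
        elif _OCTAL.fullmatch(text[i + 1:i + 4]):
            out.append(int(text[i + 1:i + 4].decode("ascii"), 8))
            i += 4
        else:
            # Fail closed instead of guessing what a malformed escape meant.
            raise ValueError(f"invalid bytea escape at offset {i}")
    return bytes(out)


# Constructed sample: the same five bytes in both output formats.
SAMPLE_RAW = b"\x00AB\\\xff"
SAMPLE_HEX = rb"\x0041425cff"
SAMPLE_ESCAPE = rb"\000AB\\\377"
```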