| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Geoghegan <pg(at)heroku(dot)com> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Forbid use of LF and CR characters in database and role names |
| Date: | 2016-08-23 01:44:13 |
| Message-ID: | 17670.1471916653@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Geoghegan <pg(at)heroku(dot)com> writes:
> On Mon, Aug 22, 2016 at 6:28 PM, Michael Paquier
> <michael(dot)paquier(at)gmail(dot)com> wrote:
>> There is no need to put restrictions on those I think, and they are
>> actually supported.
> Bi-directional text support (i.e., the use of right-to-left control
> characters) is known to have security implications, FWIW. There is an
> interesting discussion of the matter here:
> http://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing
The problem with implementing anything like that is that it requires
assumptions about what encoding we're dealing with, which would be
entirely not based in fact. (The DB encoding is not a good guide
to what global names are encoded as, much less what encoding some
shell might think it's using.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2016-08-23 03:24:39 | Write Ahead Logging for Hash Indexes |
| Previous Message | Peter Geoghegan | 2016-08-23 01:40:04 | Re: Forbid use of LF and CR characters in database and role names |