| From: | Andrew Sullivan <ajs(at)commandprompt(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Protection from SQL injection |
| Date: | 2008-05-02 20:47:12 |
| Message-ID: | 20080502204712.GL21477@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, May 02, 2008 at 03:58:01PM -0400, Chris Browne wrote:
> Andrew Sullivan recently had some choice words about the merits of
> ENUM; I think the same applies to drivers that do
> PQexec("COMMIT;BEGIN")...
Oh, heaven. I can at least think of ways to use ENUM such that you
can justify the trade-off. I can think of no excuse whatever for
PQexec("COMMIT; BEGIN"). That's just lazy and sloppy.
Note also that more recent releases, concurrent with the improvements
to the drivers, also reduce the impact of this sort of database misuse
slightly.
But really, people who are doing that sort of thing have no excuse for
themselves. They should be relegated to the same circle of hell as
people who think it's a good plan to write a crappy schema the first
time, because you can always optimise later.
A
--
Andrew Sullivan
ajs(at)commandprompt(dot)com
+1 503 667 4564 x104
http://www.commandprompt.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2008-05-02 20:49:39 | Re: [HACKERS] GUC parameter cursors_tuple_fraction |
| Previous Message | Hell, Robert | 2008-05-02 20:41:07 | Re: [HACKERS] GUC parameter cursors_tuple_fraction |