Re: Stuff for 2.4.1

On Sun, Mar 27, 2011 at 9:46 AM, Daniele Varrazzo
<daniele(dot)varrazzo(at)gmail(dot)com> wrote:
> On Sun, Mar 27, 2011 at 12:51 PM, Harald Armin Massa
> <harald(at)2ndquadrant(dot)com> wrote:
>> Are you really sure that psycopg2 should go the road of having own
>> parsers in addition to libpq-s routines? As much as I am happy about
>> the robustness when having other libpqs, and about the performance
>> benefit, as much I fear to have some new areas for possible bugs -
>> especially security-relevant things like SQL-injections.
>
> The will to stick as much as possible to the libpq functions has been
> the reason I had not written the above parser before (releasing
> 2.4.0). Unfortunately the bytea problem has proven trickier to handle
> for many psycopg users. I've changed my mind as I think psycopg has
> the responsibility to provide a set of feature in a robust way, and if
> the libpq is just not reliable for bytea parsing (for me the hex
> format should have been backported to the the client libraries of the
> previous versions) I think we have to provide a solution, not just to
> propagate the problem.

I think I agree with Harald here. In my opinion, this shouldn't be
done at the driver level. There never has been a guarantee from the
database side that applications compiled against older libpq will be
able to communicate with newer versions. Emulating this in the driver
only propagates this mis-conception. What has been the problem in the
past? Maybe the documentation should be improved so that people are
sure to build against the appropriate version of libpq for the version
of the server they intend to communicate with?

--
Thanks,

David Blewett