You can set standard_conforming_strings in postgresql.conf at any time
and reload the config, changing the value for all active connections.
That means that if a client opens a connection, and you SIGHUP postgres,
and then the client issues a PQescapeStringConn, the client will get an
incorrectly-escaped string.
This could be a security vulnerability. Webservers which hold open
connections for long periods of time could be incorrectly escaping
values for long periods of time -- between the SIGHUP that changed
standard_conforming_strings, and the time the connection is closed.
Should we change standard_conforming_strings so that it only takes
effect on new connections (or server restart, if we must)? Are there
other similar settings that affect PQescapeStringConn?
Regards,
Jeff Davis