From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Open 7.3 items |
Date: | 2002-08-18 02:36:11 |
Message-ID: | 13921.1029638171@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> OK, here is the patch with the suggested changes. I am sending the
> patch to hackers because there has been so much interest in this.
One minor gripe:
> + /* If user@, it is a global user, remove '@' */
> + if (strchr(port->user, '@') == port->user + strlen(port->user)-1)
This code is correct, but it tempts someone to replace the strchr()
with a single-character check on the last character of the string.
Which would introduce the security hole we discussed before. The
code is okay, but *please* improve the comment to point out that you
are also excluding the case where there are @'s to the left of the
last character.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Rod Taylor | 2002-08-18 02:40:48 | Re: cvs-tip broken |
Previous Message | Bruce Momjian | 2002-08-18 02:34:42 | Re: compile warnings in CVS |