| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Don Seiler <don(at)seiler(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: [PATCH] Include application_name in "connection authorized" log message |
| Date: | 2018-09-28 00:26:20 |
| Message-ID: | 20180928002620.GZ4184@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings, all,
* Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> I still don't see that as a reason for tools to be suseptible to serious
> issues if a funky user gets created and I'd be surprised if there
> weren't other ways to get funky characters into the log file, but that's
> all ultimately an independent issue from this. I'll add the comments as
> discussed and discourage using the clean ascii function, but otherwise
> keep things as-is in that regard.
Updated patch with lots of comments added around pg_clean_ascii() about
why it exists, why we do the cleaning, and warnings to discourage people
from using it without good cause. I've also done some additional
testing with it and it seems to be working well. I'll poke at it a bit
more tomorrow but if there aren't any other concerns, I'll commit it
towards the end of the day.
Thanks!
Stephen
| Attachment | Content-Type | Size |
|---|---|---|
| add_appname_to_authmsg_v3.patch | text/x-diff | 9.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gilles Darold | 2018-09-28 00:32:49 | Re: Ora2Pg v19.1 has been released |
| Previous Message | Tom Lane | 2018-09-28 00:23:07 | Re: [patch]overallocate memory for curly braces in array_out |