| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Sullivan <ajs(at)commandprompt(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Protection from SQL injection |
| Date: | 2008-05-02 21:43:26 |
| Message-ID: | 25702.1209764606@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Sullivan <ajs(at)commandprompt(dot)com> writes:
> Oh, heaven. I can at least think of ways to use ENUM such that you
> can justify the trade-off. I can think of no excuse whatever for
> PQexec("COMMIT; BEGIN"). That's just lazy and sloppy.
> Note also that more recent releases, concurrent with the improvements
> to the drivers, also reduce the impact of this sort of database misuse
> slightly.
Actually, as of 8.3 I think the impact is zero, because of the lazy
XID allocation changes. It's still sloppy programming though.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2008-05-02 21:53:01 | Re: VacAttrStatsP vs VacAttrStats * (typedef'ing pointer types) |
| Previous Message | Tom Lane | 2008-05-02 21:28:31 | Re: GUC parameter cursors_tuple_fraction |