| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Christophe Pettus <xof(at)thebuild(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: lower() and unaccent() not leakproof |
| Date: | 2021-08-26 15:06:23 |
| Message-ID: | 7eb0e72c-d638-a223-858c-24ce29f1f2e8@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 26.08.21 16:00, Tom Lane wrote:
> Generally speaking, we've been resistant to marking anything leakproof
> unless it has a very small code footprint that can be easily audited.
>
> In particular, anything that shares a lot of infrastructure with
> not-leakproof functions seems quite hazardous. Even if you go through
> the code and convince yourself that it's OK today, innocent changes
> to the shared infrastructure could break the leakproofness tomorrow.
I think the complexity of the implementation of upper() and lower() is
on the same order as bttextcmp() and similar, so it wouldn't be totally
out of scope.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2021-08-26 15:46:14 | Re: lower() and unaccent() not leakproof |
| Previous Message | Peter Eisentraut | 2021-08-26 14:59:40 | Re: lower() and unaccent() not leakproof |