| From: | Harald Armin Massa <harald(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
| Cc: | psycopg(at)postgresql(dot)org |
| Subject: | Re: Stuff for 2.4.1 |
| Date: | 2011-03-27 18:56:52 |
| Message-ID: | AANLkTi=os+fpNj-gR6yW0hyZOycVUzxbPx1JD3CaQsMM@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
Daniele,
as you found correctly, I was allready biten by that bytea-escape-bug.
The aftermath led to the PQlibVersion() function for libpq, committed
by Magnus @ http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=de9a4c27fefcc0d104bc9c97f4a93a49a25bf66d
> Please note that I have not written a parser for user input: this is a
> parser specifically used to receive data from the database and is only
> used to parse the bytea *output* format
> (http://www.postgresql.org/docs/9.0/static/datatype-binary.html).
> I would be very concerned in replacing >PQescapeString/PQescapeBytea for
> the reason you mention, and I would never do it to gain performance:
your arguments are sound. And a line at "nothing from the user, just
stuff from the database" is a line correctly drawn. Parsing things
that come from the database should be save.
Thanks for taking the time to answer my fears,
best wishes
Harald
--
Harald Armin Massa www.2ndQuadrant.com
PostgreSQL Training, Services and Support
2ndQuadrant Deutschland GmbH
GF: Harald Armin Massa
Amtsgericht Stuttgart, HRB 736399
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2011-03-27 19:01:09 | Re: Stuff for 2.4.1 |
| Previous Message | Karsten Hilbert | 2011-03-27 18:51:25 | Re: Stuff for 2.4.1 |