From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Ben Hockey <neonstalwart(at)gmail(dot)com> |
Cc: | Mike Fowler <mike(at)mlfowler(dot)com>, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: ecmascript 5 DATESTYLE |
Date: | 2010-05-21 03:34:41 |
Message-ID: | AANLkTingZMm8py0t0RDmiin0p2EyJJqVQ9-LWPL6bPPV@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, May 20, 2010 at 9:25 PM, Ben Hockey <neonstalwart(at)gmail(dot)com> wrote:
> thanks for looking into adding this feature. custom formats for parsing and
> formatting of dates would certainly be the better option if it can be done
> securely.
Well, Pavel expressed a concern about SQL injection, but I can't see
why that would be a problem. If having multiple date formats is
insecure, then we are already insecure. If it's not, then I don't see
why having user-definable formats would be any more insecure than
having formats from a fixed list. In any case, I can't see the
connection to SQL injection - it seems like the worst case scenario is
that some client gets confused about what the date format is and some
dates get misinterpreted.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2010-05-21 03:40:03 | Re: [RFC][PATCH]: CRC32 is limiting at COPY/CTAS/INSERT ... SELECT + speeding it up |
Previous Message | Florian Pflug | 2010-05-21 02:20:49 | Re: Row-level Locks & SERIALIZABLE transactions, postgres vs. Oracle |