Re: Feature request: Settings to disable comments and multiple statements in a connection

From: Francisco Olarte <folarte(at)peoplecall(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Glen K <glenk1973(at)hotmail(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Feature request: Settings to disable comments and multiple statements in a connection
Date: 2025-06-05 08:54:05
Message-ID: CA+bJJbwRyD+PH-hFXkL=jjDSJdraktXv_T=JSTHuKTjb4g9JDA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Thu, 5 Jun 2025 at 01:06, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> ... An injection attack is normally
> trying to break out of a quoted string, not a comment.

I think the comments he refers to are more used to do "bobby tables"
like stuff, as helpers in correct statement forming, not to inject per
se.

( I do not think the feature request is worth doing either, just commenting ).

Francisco Olarte.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Dominique Devienne 2025-06-05 09:07:14 Re: LOCALE C.UTF-8 on EDB Windows v17 server
Previous Message Dominique Devienne 2025-06-05 08:53:14 Re: LOCALE C.UTF-8 on EDB Windows v17 server