From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Common function for percent placeholder replacement |
Date: | 2022-12-14 16:09:51 |
Message-ID: | CA+TgmoZNW_T0kT+JQ9Z_fHdOEMAkBCBp8HvSXZSAF9oN8B2UTg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Dec 14, 2022 at 2:31 AM Peter Eisentraut
<peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:
> There are a number of places where a shell command is constructed with
> percent-placeholders (like %x). First, it's obviously cumbersome to
> have to open-code this several times. Second, each of those pieces of
> code silently encodes some edge case behavior, such as what to do with
> unrecognized placeholders. (I remember when I last did one of these, I
> stared very hard at the existing code instances to figure out what they
> would do.) We now also have a newer instance in basebackup_to_shell.c
> that has different behavior in such cases. (Maybe it's better, but it
> would be good to be explicit and consistent about this.)
Well, OK, I'll tentatively cast a vote in favor of adopting
basebackup_to_shell's approach elsewhere. Or to put that in plain
English: I think that if the input appears to be malformed, it's
better to throw an error than to guess what the user meant. In the
case of basebackup_to_shell there are potentially security
ramifications to the setting involved so it seemed like a bad idea to
take a laissez faire approach. But also, just in general, if somebody
supplies an ssl_passphrase_command or archive_command with %<something
unexpected>, I don't really see why we should treat that differently
than trying to start the server with work_mem=banana.
--
Robert Haas
EDB: http://www.enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Justin Pryzby | 2022-12-14 17:05:21 | Re: Common function for percent placeholder replacement |
Previous Message | Tom Lane | 2022-12-14 16:00:04 | Re: Error-safe user functions |