From: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
---|---|
To: | Andres Freund <andres(at)anarazel(dot)de> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Euler Taveira <euler(at)timbira(dot)com(dot)br>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: vacuumdb and new VACUUM options |
Date: | 2019-05-15 04:01:21 |
Message-ID: | CAD21AoAv2XZCbOWQd-YrGmY_ioe-XACEW44JuvTGdKLzCiUaBA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, May 15, 2019 at 11:45 AM Andres Freund <andres(at)anarazel(dot)de> wrote:
>
> Hi,
>
> On 2019-05-15 11:36:52 +0900, Masahiko Sawada wrote:
> > I might be missing something but if the frontend code doesn't check
> > arguments and we let the backend parsing logic do all the work then it
> > allows user to execute an arbitrary SQL command via vacuumdb.
>
> But, so what? The user could just have used psql to do so?
Indeed. It shouldn't be a problem and we even now can do that by
specifying for example --table="t(c1);select 1" but doesn't work.
Regards,
--
Masahiko Sawada
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2019-05-15 04:10:30 | wal_consistency_checking clean on HEAD (f4125278) |
Previous Message | David Rowley | 2019-05-15 02:59:48 | Re: PostgreSQL 12: Feature Highlights |