Re: pg_execute_from_file review

From: Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr>
To: Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com>
Cc: Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, Joshua Tolley <eggyknap(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_execute_from_file review
Date: 2010-11-30 09:48:48
Message-ID: m2fwujcfb3.fsf@2ndQuadrant.fr
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com> writes:
> client_encoding won't work at all because read_sql_queries_from_file()
> uses pg_verifymbstr(), that is verify the input with *server_encoding*.
>
> Even if we replace it with pg_verify_mbstr(client_encoding, ...) and
> pg_do_encoding_conversion(from client_encoding to server_encoding),
> it still won't work well when error messages are raised. The client
> expects the original client encoding, but messages are sent in the
> file encoding. It would be a security hole.

I'll confess I'm at a loss here wrt how to solve your concerns.

Regards,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Heikki Linnakangas 2010-11-30 09:55:16 Re: GiST insert algorithm rewrite
Previous Message Dimitri Fontaine 2010-11-30 09:47:33 Re: pg_execute_from_file review