Re: Tightening up allowed custom GUC names
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andrew Dunstan <andrew@dunslane.net>
Cc: Noah Misch <noah@leadboat.com>, pgsql-hackers@lists.postgresql.org
Date: 2021-03-15T18:49:51Z
Lists: pgsql-hackers
Attachments
- restrict-custom-guc-names-2.patch (text/x-diff) patch
[ getting back to this, after a bit of procrastination ] Andrew Dunstan <andrew@dunslane.net> writes: > On 2/11/21 1:32 PM, Tom Lane wrote: >> Noah Misch <noah@leadboat.com> writes: >>> On Tue, Feb 09, 2021 at 05:34:37PM -0500, Tom Lane wrote: >>>> * A case could be made for tightening things up a lot more, and not >>>> allowing anything that doesn't look like an identifier. I'm not >>>> pushing for that, as it seems more likely to break existing >>>> applications than the narrow restriction proposed here. But I could >>>> live with it if people prefer that way. >>> I'd prefer that. Characters like backslash, space, and double quote have >>> significant potential to reveal bugs, while having negligible application >>> beyond revealing bugs. > That might be a bit restrictive. I could at least see allowing '-' as > reasonable, and maybe ':'. Not sure about other punctuation characters. > OTOH I'd be surprised if the identifier restriction would burden a large > number of people. We can't allow '-', for the specific reason that it won't work as a -c argument (thanks to -c's translation of '-' to '_'). The whole point here is to prevent corner cases like that. ':' would be all right, but I think it's a lot simpler to explain and a lot harder to break in future if we just say that the names have to be valid identifiers. Patch that does it like that attached. (I concur with the downthread opinions that we shouldn't back-patch this.) regards, tom lane
Commits
-
Tighten up allowed names for custom GUC parameters.
- 3db826bd55cd 14.0 landed