Re: Can we remove support for standard_conforming_strings = off yet?
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: pgsql-hackers@lists.postgresql.org
Date: 2025-12-30T22:50:10Z
Lists: pgsql-hackers
Attachments
- v1-0001-Force-standard_conforming_strings-to-always-be-ON.patch (text/x-diff)
- v1-0002-Remove-server-side-support-for-standard_conformin.patch (text/x-diff)
- v1-0003-Adjust-pg_dump-and-pg_dumpall-for-standard_confor.patch (text/x-diff)
- v1-0004-Remove-escape_string_warning.patch (text/x-diff)
I wrote: > standard_conforming_strings has defaulted to ON since 2010 (see > 0839f312e in the 9.1 release). I propose that it's finally time to > force it on and get rid of code that supports the "off" setting. Here's a draft patch series for that. As I was working through it, I realized that there's one potentially-nasty point that might cause upgrading problems. To wit, pg_dump and pg_dumpall have historically replicated the source server's standard_conforming_strings setting into their output: they emit a SET command for that, and any string literals appearing in views or the like will be escaped accordingly. So if your old installation had standard_conforming_strings = off, and all you have from it is existing pg_dump output (either text or archive format), you are in a sticky situation because that dump will not restore cleanly. This isn't impossible to get out of, but you'd probably have to stand up a pre-v19 server, restore the dump into that, and take a fresh dump made with standard_conforming_strings = on. The alternative would be manual correction of literals in the dump script, which seems far too error-prone to be recommendable. This isn't a problem if you can make the dump with v19 pg_dump (and therefore it's not an issue for pg_upgrade cases). The attached patch series tweaks pg_dump to force standard_conforming_strings = on while dumping, so that it will produce a usable dump even if the source server had the wrong default. Nonetheless, if I thought there were more than epsilon existing installations still running standard_conforming_strings = off as a global setting, I'd worry that we still can't get away with making this change. But if I believed that, I wouldn't be proposing it. This observation does raise the stakes a bit though. Another comment worth making is that I oversold the code-savings benefit: > The code-removal aspect shouldn't be minimized either. There's > a nontrivial portion of scan.l that isn't reachable unless > standard_conforming_strings is off, and reducing the size of the > lexer probably translates directly to performance benefits. When I wrote that I was thinking we could get rid of the flex rules for the <xe> exclusive state, but of course we cannot: those rules are shared with the escape-string syntax E'...'. In the attached, the rules flex sees don't change at all. We can get rid of the code supporting escape_string_warning, because those warnings are unreachable unless standard_conforming_strings = off. But that's no large amount of code. I still think this is worth doing on the grounds of closing edge-case security holes. But perhaps it's not quite as attractive as I thought yesterday. A compromise position could be to apply only 0003 attached to change pg_dump[all]'s behavior, then wait a few more years so that the dump/reload hazard is minimized before we reconsider the main patch. Anyway, patches attached. regards, tom lane