Re: Common function for percent placeholder replacement
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2022-12-14T16:09:51Z
Lists: pgsql-hackers
On Wed, Dec 14, 2022 at 2:31 AM Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote: > There are a number of places where a shell command is constructed with > percent-placeholders (like %x). First, it's obviously cumbersome to > have to open-code this several times. Second, each of those pieces of > code silently encodes some edge case behavior, such as what to do with > unrecognized placeholders. (I remember when I last did one of these, I > stared very hard at the existing code instances to figure out what they > would do.) We now also have a newer instance in basebackup_to_shell.c > that has different behavior in such cases. (Maybe it's better, but it > would be good to be explicit and consistent about this.) Well, OK, I'll tentatively cast a vote in favor of adopting basebackup_to_shell's approach elsewhere. Or to put that in plain English: I think that if the input appears to be malformed, it's better to throw an error than to guess what the user meant. In the case of basebackup_to_shell there are potentially security ramifications to the setting involved so it seemed like a bad idea to take a laissez faire approach. But also, just in general, if somebody supplies an ssl_passphrase_command or archive_command with %<something unexpected>, I don't really see why we should treat that differently than trying to start the server with work_mem=banana. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
-
Code cleanup
- 881fa869c6b0 16.0 landed
-
Common function for percent placeholder replacement
- c96de2ce1782 16.0 landed