Re: Tightening up allowed custom GUC names
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Noah Misch <noah@leadboat.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-02-11T19:50:13Z
Lists: pgsql-hackers
On Tue, Feb 9, 2021 at 6:02 PM Noah Misch <noah@leadboat.com> wrote: > > * A case could be made for tightening things up a lot more, and not > > allowing anything that doesn't look like an identifier. I'm not > > pushing for that, as it seems more likely to break existing > > applications than the narrow restriction proposed here. But I could > > live with it if people prefer that way. > > I'd prefer that. Characters like backslash, space, and double quote have > significant potential to reveal bugs, while having negligible application > beyond revealing bugs. I'm not sure exactly what the rule should be here, but in general I agree that a broader prohibition might be better. It's hard to understand the rationale behind a system that doesn't allow robert.max-workers as a GUC name, but does permit ro b"ert.max^Hworkers. +1 for not back-patching whatever we do here. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
-
Tighten up allowed names for custom GUC parameters.
- 3db826bd55cd 14.0 landed