Re: Tightening up allowed custom GUC names

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>, Noah Misch <noah@leadboat.com>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2021-02-11T20:04:17Z
Lists: pgsql-hackers
On 2/11/21 1:32 PM, Tom Lane wrote:
> Noah Misch <noah@leadboat.com> writes:
>> On Tue, Feb 09, 2021 at 05:34:37PM -0500, Tom Lane wrote:
>>> * A case could be made for tightening things up a lot more, and not
>>> allowing anything that doesn't look like an identifier.  I'm not
>>> pushing for that, as it seems more likely to break existing
>>> applications than the narrow restriction proposed here.  But I could
>>> live with it if people prefer that way.
>> I'd prefer that.  Characters like backslash, space, and double quote have
>> significant potential to reveal bugs, while having negligible application
>> beyond revealing bugs.
> Any other opinions here?  I'm hesitant to make such a change on the
> basis of just one vote.
>
> 			



That might be a bit restrictive. I could at least see allowing '-' as
reasonable, and maybe ':'. Not sure about other punctuation characters.
OTOH I'd be surprised if the identifier restriction would burden a large
number of people.


cheers


andrew


--
Andrew Dunstan
EDB: https://www.enterprisedb.com




Commits

  1. Tighten up allowed names for custom GUC parameters.