On Mon, Oct 19, 2009 at 8:37 AM, Peter Eisentraut <peter_e@gmx.net> wrote:
> On Fri, 2009-10-16 at 12:58 +0100, Dave Page wrote:
>> I think that covers all the suggestions discussed over the last couple
>> of days, with the exception of the rejection of \n and similar
>> characters which I'm still not entirely convinced is worth the effort.
>> Any other opinions on that? Anything else that should be
>> added/changed?
>
> So this would effectively allow any minimally authorized user to write
> whatever they want into the log file whenever they want? Doesn't sound
> very safe to me.
A user can do that anyway if query logging is turned on, but anyway,
what would you suggest - accept a-zA-Z0-9 and a few other choice
characters only, or just reject a handful (and if so, what)?
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com