On Mar 28, 2011, at 3:11 AM, Federico Di Gregorio wrote:
>
> What Daniele did is fine:
>
> 1) There is no security problem, because the code only work in the
> database->user direction.
>
> 2) Allows communication with different combinations of backend/libpq
> versions without adding the overhead of extra quesries when
> establishing the connection (i.e., it just works and this is
> very important for the user).
>
> Also, while I am writing very few new code I am reviewing everything and
> I am confident to say that psycopg is much safe now than 2 years ago
> when I was the only developer.
Wouldn't it make more sense to simply bundle the latest version of libpq with psycopg2? As far as I can tell, there is
noadvantage to compiling against an older libpq- they are all backwards compatible.
Cheers,
M