Re: Changeset Extraction v7.6.1
| От | Andres Freund |
|---|---|
| Тема | Re: Changeset Extraction v7.6.1 |
| Дата | |
| Msg-id | 20140221110937.GW28858@alap3.anarazel.de обсуждение исходный текст |
| Ответ на | Re: Changeset Extraction v7.6.1 (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
On 2014-02-19 13:31:06 -0500, Robert Haas wrote: > TBH, as compared to what you've got now, I think this mostly boils > down to a question of quoting and escaping. I'm not really concerned > with whether we ship something that's perfectly efficient, or that has > filtering capabilities, or that has a lot of fancy bells and whistles. > What I *am* concerned about is that if the user updates a text field > that contains characters like " or ' or : or [ or ] or , that somebody > might be using as delimiters in the output format, that a program can > still parse that output format and reliably determine what the actual > change was. I don't care all that much whether we use JSON or CSV or > something custom, but the data that gets spit out should not have > SQL-injection-like vulnerabilities. If it's just that, I am *perfectly* happy to change it. What I do not want is arguments like "I don't want the type information, that's pointless" because it's actually really important for regression testing. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-hackers по дате отправления: