TropicalPenguin commented on issue #317: URL: https://github.com/apache/age/issues/317#issuecomment-1317583677
Continuing the discussion here so as not to clutter the PR. > However, item 2, is due to potential security holes that allowing those characters could enable. For now, this restriction needs to stay in place. I'm curious if these potential security holes are unique to AGE (because if not, it seems surprising that another platform intended for enterprise use would be willing to take such risks). If it's a concern about a kind of injection attack: isn't that avoided by the constraint of enclosing these characters in backticks? (kinda like the use of CDATA in XML) Totally possible that I'm missing something... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
