On 2014-02-19 13:31:06 -0500, Robert Haas wrote:
> TBH, as compared to what you've got now, I think this mostly boils
> down to a question of quoting and escaping.  I'm not really concerned
> with whether we ship something that's perfectly efficient, or that has
> filtering capabilities, or that has a lot of fancy bells and whistles.
>  What I *am* concerned about is that if the user updates a text field
> that contains characters like " or ' or : or [ or ] or , that somebody
> might be using as delimiters in the output format, that a program can
> still parse that output format and reliably determine what the actual
> change was.  I don't care all that much whether we use JSON or CSV or
> something custom, but the data that gets spit out should not have
> SQL-injection-like vulnerabilities.

If it's just that, I am *perfectly* happy to change it. What I do not
want is arguments like "I don't want the type information, that's
pointless" because it's actually really important for regression


Andres Freund

 Andres Freund                     http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to