"Tsunakawa, Takayuki" <tsunakawa.ta...@jp.fujitsu.com> writes: > Before digging into the problem, could you share your impression on > whether PostgreSQL can support SJIS? Would it be hopeless?
I think it's pretty much hopeless. Even if we were willing to make every bit of code that looks for '\' and other specific at-risk characters multi-byte aware (with attendant speed penalties), we could expect that third-party extensions would still contain vulnerable code. More, we could expect that new bugs of the same ilk would get introduced all the time. Many such bugs would amount to security problems. So the amount of effort and vigilance required seems out of proportion to the benefits. Most of the recent discussion about allowed backend encodings has run more in the other direction, ie, "why don't we disallow everything but UTF8 and get rid of all the infrastructure for multiple backend encodings?". I'm not personally in favor of that, but there are very few hackers who want to add any more overhead in this area. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers