On 9/6/16 1:42 PM, Robert Haas wrote: > If we were talking about pathnames containing spaces, I would agree, > but I've never heard of a legitimate pathname containing CR or LF. I > can't see us losing much by refusing to allow such pathnames, except > for security holes.
The flip side of that is that if we're doing a half-way job of only prohibiting these characters in 67% of cases, then a new generation of tools will be written on top of that with the assumption that these characters cannot appear. But then those tools will be easy to break or exploit because it's possible to sneak stuff in in creative ways. So we're on the road to having an endless stream of "I can sneak in a CR/LF character in here" bugs. The current setup is more robust: We are prohibiting these characters in specific locations where we know we can't handle them. But we don't give any guarantees about anything else. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers