Robert Haas wrote: > On Wed, Jul 26, 2017 at 5:38 AM, Ashutosh Bapat > <ashutosh.ba...@enterprisedb.com> wrote: > > According to F.34.1.1 at [1] passing connection string as dbname > > option should work, so your question is valid. I am not aware of any > > discussion around this on hackers. Comments in connect_pg_server() > > don't help either. But I guess, we expect users to set up individual > > foreign server and user mapping options instead of putting those in a > > connection string. I can not think of any reason except that it > > improves readability. If postgres_fdw wants to take certain actions > > based on the values of individual options, having them separate is > > easier to handle than parsing them out of a connection string. > > > > Any way, if we are not going to change current behaviour, we should > > change the documentation and say that option dbname means "database > > name" and not a connection string. > > I kind of wonder if this had some security aspect to it? But not sure.
Yeah, me too. As I recall, if the flag is not set, parameters set by the FDW server earlier in the conninfo can be changed by params that appear in the dbname. Offhand I can't see any obvious security implications, but then I've not thought about it very hard. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers