On Sun, Feb 08, 2004 at 09:34:15PM -0500, Tom Lane wrote:
> Is this "nothing"?
> http://www.postgresql.org/docs/7.4/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING
>
> I don't think the docs are nearly as bereft of security-related items as
> you claim. They may be scattered and poorly indexed, but they're there.
Tom, I think this is largely a semantic issue. If documentation exists,
but is difficult to find, or stored in such a way as to not be quickly
available to somebody looking for it, it isn't useful. While not
"nothing" as such, it doesn't count for much.
I've liked what I've heard so far in this thread. Is there a consensus
that some documentation could be added regarding security? If we can
agree on that, I would be happy to start doing some collating of data
on the subject. Could it go in the distributed documentation? I know
there was some debate as to whether it belonged in the docs themselves,
or in techdocs.
Personally, I feel that distributing it in the main documentation would
be preferable. However, I don't have any particular allegiance to that
method; I mostly look for answers to questions via google first. If the
docs were included on techdocs, google would find them soon enough. I
suppose, also, anyone who was interested in securing their database
would look a little further than the included documentation.
Opinions?
Alex
--
[EMAIL PROTECTED]
Alex J. Avriette, Shepherd of wayward Database Administrators
"We are paying through the nose to be ignorant." - Larry Ellison
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
