"Tom Lane" <[EMAIL PROTECTED]> writes:

> Gregory Stark <[EMAIL PROTECTED]> writes:
>> "Tom Lane" <[EMAIL PROTECTED]> writes:
>>> I made it reject all but latin letters, which is the same restriction
>>> that's in place for timezone set filenames.  That might be overly
>>> strong, but we definitely have to forbid "." and "/" (and "\" on
>>> Windows).  Do we want to restrict it to letters, digits, underscore?
>>> Or does it need to be weaker than that?
>> What's the problem with "."?
> ../../../../etc/passwd
> Possibly we could allow '.' as long as we forbade /, 

Right, traditionally the only characters forbidden in filenames in Unix are /
and nul. If we want the files to play nice in Gnome etc then we should
restrict them to ascii since we don't know what encoding the gui expects. 

Actually I think in Windows \ : and . are problems (not allowed more than one
dot in dos).

> There's a reasonable argument for restricting the names used for these
> things in the SQL definitions to be valid SQL identifiers, so that that
> will work nicely...


  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?


Reply via email to