"Tom Lane" <[EMAIL PROTECTED]> writes: > Gregory Stark <[EMAIL PROTECTED]> writes: >> "Tom Lane" <[EMAIL PROTECTED]> writes: >>> I made it reject all but latin letters, which is the same restriction >>> that's in place for timezone set filenames. That might be overly >>> strong, but we definitely have to forbid "." and "/" (and "\" on >>> Windows). Do we want to restrict it to letters, digits, underscore? >>> Or does it need to be weaker than that? > >> What's the problem with "."? > > ../../../../etc/passwd > > Possibly we could allow '.' as long as we forbade /,
Right, traditionally the only characters forbidden in filenames in Unix are / and nul. If we want the files to play nice in Gnome etc then we should restrict them to ascii since we don't know what encoding the gui expects. Actually I think in Windows \ : and . are problems (not allowed more than one dot in dos). > There's a reasonable argument for restricting the names used for these > things in the SQL definitions to be valid SQL identifiers, so that that > will work nicely... Ah -- Gregory Stark EnterpriseDB http://www.enterprisedb.com ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org
