Gregory Stark <[EMAIL PROTECTED]> writes:
> "Tom Lane" <[EMAIL PROTECTED]> writes:
>> I'm not convinced that . is issue-free.  On most if not all versions of Unix,
>> you are allowed to open a directory as a file and read the filenames it
>> contains.  While I don't say it'd be easy to manage that through
>> tsearch, there's at least a potential for discovering the filenames
>> present in . and .. --- how much do we care about that?

> Actually I don't think that's true any more, most file systems on most Unixen
> do not allow it. However it appears it's still the case for Solaris so it's
> still a good point.

Actually, now that I've woken up a bit more, it is not a problem as
long as the tsearch code always appends some kind of file extension
to what the user gives, such as ".dict".  It'll be impossible to name
"." or ".." with that addition.

Also, Magnus says that Windows throws an error for ":" in the filename,
which means we needn't.

So the bottom line seems to be that rejecting directory separators
is sufficient to prevent any unwanted file accesses.

It might still be a good idea to restrict the names to be SQL
identifiers (ie, alphanumerics and underscores) for future-proofing,
but it wasn't clear whether anyone but me thought that was a good
argument.  I'm willing to make it just be no-dir-separators.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to [EMAIL PROTECTED] so that your
       message can get through to the mailing list cleanly

Reply via email to