On Wed, Feb 11, 2015 at 2:41 PM, Hadley Wickham <h.wick...@gmail.com> wrote:
> >> It gives a new attack vector - to introduce additional data into the > >> database, you just need to figure out how to turn a length 1 vector in > >> to a length 2 vector. > >> > >> It's dangerous in the same way that allowing dbGetQuery() to execute > >> multiple queries is dangerous. > > > > I'd rather hope that if it were a case that mattered, the user would not > > rely on the api as a substitute for appropriate checks. > > I think the API should be as safe as possible by default, and > sacrificing safety for speed should only be done explicitly when the > user asks for it. > My use cases are not so sensitive, but I agree with the general idea. Also, you really do not gain much over regular looping as inserts are really slow, at least in postgresql. THK > > Hadley > > -- > http://had.co.nz/ > -- http://www.keittlab.org/ [[alternative HTML version deleted]] _______________________________________________ R-sig-DB mailing list -- R Special Interest Group R-sig-DB@r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-db
