Home > mailing lists

Re: Forbid use of LF and CR characters in database and role names - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Forbid use of LF and CR characters in database and role names
Date	August 23, 2016 04:44:26
Msg-id	17670.1471916653@sss.pgh.pa.us Whole thread Raw
In response to	Re: Forbid use of LF and CR characters in database and role names (Peter Geoghegan <pg@heroku.com>)
List	pgsql-hackers

Tree view

Peter Geoghegan <pg@heroku.com> writes:
> On Mon, Aug 22, 2016 at 6:28 PM, Michael Paquier
> <michael.paquier@gmail.com> wrote:
>> There is no need to put restrictions on those I think, and they are
>> actually supported.

> Bi-directional text support (i.e., the use of right-to-left control
> characters) is known to have security implications, FWIW. There is an
> interesting discussion of the matter here:

> http://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing

The problem with implementing anything like that is that it requires
assumptions about what encoding we're dealing with, which would be
entirely not based in fact.  (The DB encoding is not a good guide
to what global names are encoded as, much less what encoding some
shell might think it's using.)
        regards, tom lane

pgsql-hackers by date:

From: Peter Geoghegan
Date: 23 August 2016, 04:40:11
Subject: Re: Forbid use of LF and CR characters in database and role names

From: Amit Kapila
Date: 23 August 2016, 06:24:47
Subject: Write Ahead Logging for Hash Indexes

Re: Forbid use of LF and CR characters in database and role names - Mailing list pgsql-hackers

Previous

Next