Re: Re: BUG #9210: PostgreSQL string store bug? not enforce check with correct characterSET/encoding - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Re: BUG #9210: PostgreSQL string store bug? not enforce check with correct characterSET/encoding
Date
Msg-id 19842.1393021206@sss.pgh.pa.us
Whole thread Raw
In response to Re: BUG #9210: PostgreSQL string store bug? not enforce check with correct characterSET/encoding  (Noah Misch <noah@leadboat.com>)
Responses Re: Re: BUG #9210: PostgreSQL string store bug? not enforce check with correct characterSET/encoding  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
Noah Misch <noah@leadboat.com> writes:
> On Wed, Feb 19, 2014 at 08:22:13PM -0500, Tom Lane wrote:
>> How much of this is back-patch material, do you think?

> None of it.  While many of the failures to validate against a character
> encoding are clear bugs, applications hum along in spite of such bugs and
> break when we tighten the checks.  I don't see a concern to override that
> here.  Folks who want the tighter checking have some workarounds available.

That's certainly a reasonable position to take concerning the changes for
outside-a-transaction behavior.  However, I think there's a case to be
made for adding the additional pg_verify_mbstr() calls in the back
branches.  We've been promising since around 8.3 that invalidly encoded
data can't get into a database, and it's disturbing to find that there
are leaks in that.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Daniel Farina
Date:
Subject: Re: Storing the password in .pgpass file in an encrypted format
Next
From: Josh Berkus
Date:
Subject: Re: Storing the password in .pgpass file in an encrypted format