On 2014-02-19 13:31:06 -0500, Robert Haas wrote:
> TBH, as compared to what you've got now, I think this mostly boils
> down to a question of quoting and escaping. I'm not really concerned
> with whether we ship something that's perfectly efficient, or that has
> filtering capabilities, or that has a lot of fancy bells and whistles.
> What I *am* concerned about is that if the user updates a text field
> that contains characters like " or ' or : or [ or ] or , that somebody
> might be using as delimiters in the output format, that a program can
> still parse that output format and reliably determine what the actual
> change was. I don't care all that much whether we use JSON or CSV or
> something custom, but the data that gets spit out should not have
> SQL-injection-like vulnerabilities.
If it's just that, I am *perfectly* happy to change it. What I do not
want is arguments like "I don't want the type information, that's
pointless" because it's actually really important for regression
testing.
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services
