Robert Haas <robertmhaas@gmail.com> writes:
> Yeah. If we're going to do this at all, and I'm not convinced it's
> worth the work, I think it's definitely good to support a variant
> where we specify exactly the things that will be passed to exec().
> There's just too many ways to accidentally shoot yourself in the foot
> otherwise. If we want to have an option that lets people shoot
> themselves in the foot, that's fine. But I think we'd be smart not to
> make that the only option.
[ shrug... ] Once again, that will turn this from a ten-line patch
into hundreds of lines (and some more, different, hundreds of lines
for Windows I bet), with a corresponding growth in the opportunities
for bugs, for a benefit that's at best debatable.
The biggest problem this patch has had from the very beginning is
overdesign, and this is more of the same. Let's please just define the
feature as "popen, not fopen, the given string" and have done. You can
put all the warning verbiage you want in the documentation. (But note
that the server-side version would be superuser-only in any flavor of
the feature.)
regards, tom lane