Re: [HACKERS] Disallowing multiple queries per PQexec() - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [HACKERS] Disallowing multiple queries per PQexec()
Date
Msg-id 2111.1488290669@sss.pgh.pa.us
In response to [HACKERS] Disallowing multiple queries per PQexec()  (Surafel Temesgen <surafel3000@gmail.com>)
Responses Re: [HACKERS] Disallowing multiple queries per PQexec()  (Bruce Momjian <bruce@momjian.us>)
Re: [HACKERS] Disallowing multiple queries per PQexec()  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers

Surafel Temesgen <surafel3000@gmail.com> writes:
> This assignment is on todo list and has a benefit of providing an
> additional defense against SQL-injection attacks.

This is on the todo list?  Really?  It seems unlikely to be worth the
backwards-compatibility breakage.  I certainly doubt that we could
get away with unconditionally rejecting such cases with no "off" switch,
as you have here.

> Previous mailing list discussion is here
> <https://www.postgresql.org/message-id/9236.1167968298@sss.pgh.pa.us>

That message points out specifically that we *didn't* plan to do this.
Perhaps back then (ten years ago) we could have gotten away with the
compatibility breakage, but now I doubt it.
        regards, tom lane