"Tom Lane" <tgl@sss.pgh.pa.us> writes:
> Gregory Stark <stark@enterprisedb.com> writes:
>> "Tom Lane" <tgl@sss.pgh.pa.us> writes:
>>> I made it reject all but latin letters, which is the same restriction
>>> that's in place for timezone set filenames. That might be overly
>>> strong, but we definitely have to forbid "." and "/" (and "\" on
>>> Windows). Do we want to restrict it to letters, digits, underscore?
>>> Or does it need to be weaker than that?
>
>> What's the problem with "."?
>
> ../../../../etc/passwd
>
> Possibly we could allow '.' as long as we forbade /,
Right, traditionally the only characters forbidden in filenames in Unix are /
and nul. If we want the files to play nice in Gnome etc then we should
restrict them to ascii since we don't know what encoding the gui expects.
Actually I think in Windows \ : and . are problems (not allowed more than one
dot in dos).
> There's a reasonable argument for restricting the names used for these
> things in the SQL definitions to be valid SQL identifiers, so that that
> will work nicely...
Ah
-- Gregory Stark EnterpriseDB http://www.enterprisedb.com
