On Thu, May 20, 2010 at 9:25 PM, Ben Hockey <neonstalwart@gmail.com> wrote:
> thanks for looking into adding this feature. custom formats for parsing and
> formatting of dates would certainly be the better option if it can be done
> securely.
Well, Pavel expressed a concern about SQL injection, but I can't see
why that would be a problem. If having multiple date formats is
insecure, then we are already insecure. If it's not, then I don't see
why having user-definable formats would be any more insecure than
having formats from a fixed list. In any case, I can't see the
connection to SQL injection - it seems like the worst case scenario is
that some client gets confused about what the date format is and some
dates get misinterpreted.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company
