On Wed, May 15, 2019 at 1:01 PM Masahiko Sawada <sawada.m...@gmail.com> wrote: > > On Wed, May 15, 2019 at 11:45 AM Andres Freund <and...@anarazel.de> wrote: > > > > Hi, > > > > On 2019-05-15 11:36:52 +0900, Masahiko Sawada wrote: > > > I might be missing something but if the frontend code doesn't check > > > arguments and we let the backend parsing logic do all the work then it > > > allows user to execute an arbitrary SQL command via vacuumdb. > > > > But, so what? The user could just have used psql to do so? > > Indeed. It shouldn't be a problem and we even now can do that by > specifying for example --table="t(c1);select 1" but doesn't work. >
I've attached new version patch that takes the way to let the backend parser do all work. Regards, -- Masahiko Sawada NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center
v3-0001-Add-index-cleanup-option-to-vacuumdb.patch
Description: Binary data
v3-0002-Add-truncate-option-to-vacuumdb.patch
Description: Binary data
