On Tue, Feb 28, 2017 at 09:04:29AM -0500, Tom Lane wrote:
> Surafel Temesgen <surafel3...@gmail.com> writes:
> > This assignment is on todo list and has a benefit of providing an
> > additional defense against SQL-injection attacks.
>
> This is on the todo list? Really? It seems unlikely to be worth the
> backwards-compatibility breakage. I certainly doubt that we could
> get away with unconditionally rejecting such cases with no "off" switch,
> as you have here.
>
> > Previous mailing list discussion is here
> > <https://www.postgresql.org/message-id/9236.1167968...@sss.pgh.pa.us>
>
> That message points out specifically that we *didn't* plan to do this.
> Perhaps back then (ten years ago) we could have gotten away with the
> compatibility breakage, but now I doubt it.

I might have added that one; the text is:

    Consider disallowing multiple queries in PQexec()
    as an additional barrier to SQL injection attacks

and it is a "consider" item. Should it be moved to the Wire Protocol
Changes / v4 Protocol section or removed?

--
  Bruce Momjian <br...@momjian.us> http://momjian.us
  EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +