Add:

> o Consider parsing the -c string into individual queries so each > is run in its own transaction > > o Consider disallowing multiple queries in PQexec() as an > additional barrier to SQL injection attacks

Add:
> o Consider parsing the -c string into individual queries so each > is run in its own transaction > > o Consider disallowing multiple queries in PQexec() as an > additional barrier to SQL injection attacks
147f2e91 · Bruce Momjian · f0f4a6d7 · 147f2e91 · 147f2e91
Commit 147f2e91 authored Jan 06, 2007 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 8 deletions

doc/TODO doc/TODO +7 -2

doc/src/FAQ/TODO.html doc/src/FAQ/TODO.html +8 -6

No files found.
--- a/doc/TODO
+++ b/doc/TODO
@@ -2,7 +2,7 @@
 PostgreSQL TODO List
 ====================
 Current maintainer:	Bruce Momjian (bruce@momjian.us)
-Last updated:		Sat Jan  6 15:00:41 EST 2007
+Last updated:		Sat Jan  6 16:33:48 EST 2007

 The most recent version of this document can be viewed at
 http://www.postgresql.org/docs/faqs.TODO.html.
@@ -738,6 +738,9 @@ Clients
 	  because setting the transaction isolation level must be the
 	  first statement of a transaction.

+	o Consider parsing the -c string into individual queries so each
+	  is run in its own transaction
+

 * pg_dump

@@ -795,8 +798,10 @@ Clients
 	  held on the server waiting for them to be requested by libpq.
 	  One complexity is that a statement like SELECT 1/col could error
 	  out mid-way through the result set.
-	* Fix SSL retry to avoid useless repeated connection attempts and
+	o Fix SSL retry to avoid useless repeated connection attempts and
 	  ensuing misleading error messages
+	o Consider disallowing multiple queries in PQexec() as an
+	  additional barrier to SQL injection attacks


 Triggers

--- a/doc/src/FAQ/TODO.html
+++ b/doc/src/FAQ/TODO.html
@@ -8,7 +8,7 @@
 <body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF">
 <h1><a name="section_1">PostgreSQL TODO List</a></h1>
 <p>Current maintainer:     Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/>
-Last updated:           Sat Jan  6 15:00:41 EST 2007
+Last updated:           Sat Jan  6 16:33:48 EST 2007
 </p>
 <p>The most recent version of this document can be viewed at<br/>
 <a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>.
@@ -669,6 +669,8 @@ first.
          because setting the transaction isolation level must be the
          first statement of a transaction.
 </p>
+    </li><li>Consider parsing the -c string into individual queries so each
+          is run in its own transaction
  </li></ul>
  </li><li>pg_dump
  <ul>
@@ -721,12 +723,12 @@ first.
          held on the server waiting for them to be requested by libpq.
          One complexity is that a statement like SELECT 1/col could error
          out mid-way through the result set.
-    </p><ul>
-      <li>Fix SSL retry to avoid useless repeated connection attempts and
+    <li>Fix SSL retry to avoid useless repeated connection attempts and
          ensuing misleading error messages
-    </li></ul>
+    </li><li>Consider disallowing multiple queries in PQexec() as an
+          additional barrier to SQL injection attacks
  </li></ul>
-</li></ul>
+</p></ul>
 <h1><a name="section_10">Triggers</a></h1>

 <ul>
@@ -1298,6 +1300,6 @@ first.
  </li><li>Teodor is Teodor Sigaev &lt;<a href="mailto:teodor@sigaev.ru">teodor@sigaev.ru</a>&gt;
  </li><li>Tom is Tom Lane &lt;<a href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>&gt; of Red Hat
 </li></ul>
-
+</li></ul></li></ul>
 </body>
 </html>