From: Bruce Momjian <bruce@momjian.us> Date: Sat, 6 Jan 2007 21:58:22 +0000 (+0000) Subject: Add: X-Git-Tag: REL8_3_BETA1~1580 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=147f2e916c16590b2c9762ec370f226c0e4ae043;p=postgresql Add: > o Consider parsing the -c string into individual queries so each > is run in its own transaction > > o Consider disallowing multiple queries in PQexec() as an > additional barrier to SQL injection attacks --- diff --git a/doc/TODO b/doc/TODO index 5661f18728..f5e1ea472d 100644 --- a/doc/TODO +++ b/doc/TODO @@ -2,7 +2,7 @@ PostgreSQL TODO List ==================== Current maintainer: Bruce Momjian (bruce@momjian.us) -Last updated: Sat Jan 6 15:00:41 EST 2007 +Last updated: Sat Jan 6 16:33:48 EST 2007 The most recent version of this document can be viewed at http://www.postgresql.org/docs/faqs.TODO.html. @@ -738,6 +738,9 @@ Clients because setting the transaction isolation level must be the first statement of a transaction. + o Consider parsing the -c string into individual queries so each + is run in its own transaction + * pg_dump @@ -795,8 +798,10 @@ Clients held on the server waiting for them to be requested by libpq. One complexity is that a statement like SELECT 1/col could error out mid-way through the result set. - * Fix SSL retry to avoid useless repeated connection attempts and + o Fix SSL retry to avoid useless repeated connection attempts and ensuing misleading error messages + o Consider disallowing multiple queries in PQexec() as an + additional barrier to SQL injection attacks Triggers diff --git a/doc/src/FAQ/TODO.html b/doc/src/FAQ/TODO.html index 0f0c98f4d9..4d1a64da60 100644 --- a/doc/src/FAQ/TODO.html +++ b/doc/src/FAQ/TODO.html 
@@ -8,7 +8,7 @@ <body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF"> <h1><a name="section_1">PostgreSQL TODO List</a></h1> <p>Current maintainer: Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/> -Last updated: Sat Jan 6 15:00:41 EST 2007 +Last updated: Sat Jan 6 16:33:48 EST 2007 </p> <p>The most recent version of this document can be viewed at<br/> <a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>. @@ -669,6 +669,8 @@ first. because setting the transaction isolation level must be the first statement of a transaction. </p> + </li><li>Consider parsing the -c string into individual queries so each + is run in its own transaction </li></ul> </li><li>pg_dump <ul> @@ -721,12 +723,12 @@ first. held on the server waiting for them to be requested by libpq. One complexity is that a statement like SELECT 1/col could error out mid-way through the result set. - </p><ul> - <li>Fix SSL retry to avoid useless repeated connection attempts and + <li>Fix SSL retry to avoid useless repeated connection attempts and ensuing misleading error messages - </li></ul> + </li><li>Consider disallowing multiple queries in PQexec() as an + additional barrier to SQL injection attacks </li></ul> -</li></ul> +</p></ul> <h1><a name="section_10">Triggers</a></h1> <ul> @@ -1298,6 +1300,6 @@ first. </li><li>Teodor is Teodor Sigaev <<a href="mailto:teodor@sigaev.ru">teodor@sigaev.ru</a>> </li><li>Tom is Tom Lane <<a href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>> of Red Hat </li></ul> - +</li></ul></li></ul> </body> </html>
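Review bot: In the doc/TODO hunk at -795,8, the existing "Fix SSL retry" entry changes its marker from "*" to "o", which the commit message does not cover: it lists only the two "Add:" items. If the entry is meant to move down a level so that it and the new PQexec() entry sit under the libpq text above, say so in the message. Otherwise keep the "*" and add only the new entry. The PQexec() entry and the new "-c string" entry both concern strings that hold several queries, so a short cross-reference between them would help whoever picks up either one.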
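Review bot: In the doc/src/FAQ/TODO.html hunk at -721,12, the markup is mis-nested after this change. The "</p><ul>" line before "<li>Fix SSL retry" is removed, so the list item now starts inside the still-open paragraph with no list opened for it, and the final "</li></ul>" is replaced by "</p></ul>", which closes the paragraph only after the list items. Closing the paragraph before the first "<li>" and keeping the "<ul>" wrapper, with the new PQexec() item added as a second "<li>" inside it, would give the same visible result with valid nesting.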
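Review bot: In the last doc/src/FAQ/TODO.html hunk (-1298,6), the added "</li></ul></li></ul>" directly before "</body>" closes elements that must have been opened well before the list of names, since that list is already closed by the "</li></ul>" context line above it. Everything between the open and this point, including the later "<h1>" sections, therefore ends up inside a list item. The extra closing tags belong where the lists actually end rather than at the end of the file.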