From: Bruce Momjian <bruce@momjian.us>
Date: Sat, 6 Jan 2007 21:58:22 +0000 (+0000)
Subject: Add:
X-Git-Tag: REL8_3_BETA1~1580
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=147f2e916c16590b2c9762ec370f226c0e4ae043;p=postgresql
Add:
> o Consider parsing the -c string into individual queries so each
> is run in its own transaction
>
> o Consider disallowing multiple queries in PQexec() as an
> additional barrier to SQL injection attacks
---
diff --git a/doc/TODO b/doc/TODO
index 5661f18728..f5e1ea472d 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -2,7 +2,7 @@
PostgreSQL TODO List
====================
Current maintainer: Bruce Momjian (bruce@momjian.us)
-Last updated: Sat Jan 6 15:00:41 EST 2007
+Last updated: Sat Jan 6 16:33:48 EST 2007
The most recent version of this document can be viewed at
http://www.postgresql.org/docs/faqs.TODO.html.
@@ -738,6 +738,9 @@ Clients
because setting the transaction isolation level must be the
first statement of a transaction.
+ o Consider parsing the -c string into individual queries so each
+ is run in its own transaction
+
* pg_dump
@@ -795,8 +798,10 @@ Clients
held on the server waiting for them to be requested by libpq.
One complexity is that a statement like SELECT 1/col could error
out mid-way through the result set.
- * Fix SSL retry to avoid useless repeated connection attempts and
+ o Fix SSL retry to avoid useless repeated connection attempts and
ensuing misleading error messages
+ o Consider disallowing multiple queries in PQexec() as an
+ additional barrier to SQL injection attacks
Triggers
diff --git a/doc/src/FAQ/TODO.html b/doc/src/FAQ/TODO.html
index 0f0c98f4d9..4d1a64da60 100644
--- a/doc/src/FAQ/TODO.html
+++ b/doc/src/FAQ/TODO.html
@@ -8,7 +8,7 @@
<body bgcolor="#FFFFFF" text="#000000" link="#FF0000" vlink="#A00000" alink="#0000FF">
<h1><a name="section_1">PostgreSQL TODO List</a></h1>
<p>Current maintainer: Bruce Momjian (<a href="mailto:bruce@momjian.us">bruce@momjian.us</a>)<br/>
-Last updated: Sat Jan 6 15:00:41 EST 2007
+Last updated: Sat Jan 6 16:33:48 EST 2007
</p>
<p>The most recent version of this document can be viewed at<br/>
<a href="http://www.postgresql.org/docs/faqs.TODO.html">http://www.postgresql.org/docs/faqs.TODO.html</a>.
@@ -669,6 +669,8 @@ first.
because setting the transaction isolation level must be the
first statement of a transaction.
</p>
+ </li><li>Consider parsing the -c string into individual queries so each
+ is run in its own transaction
</li></ul>
</li><li>pg_dump
<ul>
@@ -721,12 +723,12 @@ first.
held on the server waiting for them to be requested by libpq.
One complexity is that a statement like SELECT 1/col could error
out mid-way through the result set.
- </p><ul>
- <li>Fix SSL retry to avoid useless repeated connection attempts and
+ <li>Fix SSL retry to avoid useless repeated connection attempts and
ensuing misleading error messages
- </li></ul>
+ </li><li>Consider disallowing multiple queries in PQexec() as an
+ additional barrier to SQL injection attacks
</li></ul>
-</li></ul>
+</p></ul>
<h1><a name="section_10">Triggers</a></h1>
<ul>
@@ -1298,6 +1300,6 @@ first.
</li><li>Teodor is Teodor Sigaev <<a href="mailto:teodor@sigaev.ru">teodor@sigaev.ru</a>>
</li><li>Tom is Tom Lane <<a href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>> of Red Hat
</li></ul>
-
+</li></ul></li></ul>
</body>
</html>