On Tue, Nov 8, 2022 at 9:28 PM Michael Paquier <mich...@paquier.xyz> wrote: > On Tue, Nov 08, 2022 at 04:57:09PM -0800, Jacob Champion wrote: > > But I guess that wouldn't really help with ALTER ROLE ... PASSWORD, > > because you can't parameterize it. Hm... > > Yeah, and I'd like to think that this is never something we should > allow, either, as that could be easily a footgun for users (?).
What would make it unsafe? I don't know a lot about the tradeoffs for parameterizing queries. --Jacob
