Hi, On 2019-05-15 11:36:52 +0900, Masahiko Sawada wrote: > I might be missing something but if the frontend code doesn't check > arguments and we let the backend parsing logic do all the work then it > allows user to execute an arbitrary SQL command via vacuumdb.
But, so what? The user could just have used psql to do so? Greetings, Andres Freund
