On Wed, May 15, 2019 at 11:45 AM Andres Freund <and...@anarazel.de> wrote: > > Hi, > > On 2019-05-15 11:36:52 +0900, Masahiko Sawada wrote: > > I might be missing something but if the frontend code doesn't check > > arguments and we let the backend parsing logic do all the work then it > > allows user to execute an arbitrary SQL command via vacuumdb. > > But, so what? The user could just have used psql to do so?
Indeed. It shouldn't be a problem and we even now can do that by specifying for example --table="t(c1);select 1" but doesn't work. Regards, -- Masahiko Sawada NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center
