Bruce Momjian <[EMAIL PROTECTED]> writes: > OK, here is the patch with the suggested changes. I am sending the > patch to hackers because there has been so much interest in this.
One minor gripe: > + /* If user@, it is a global user, remove '@' */ > + if (strchr(port->user, '@') == port->user + strlen(port->user)-1) This code is correct, but it tempts someone to replace the strchr() with a single-character check on the last character of the string. Which would introduce the security hole we discussed before. The code is okay, but *please* improve the comment to point out that you are also excluding the case where there are @'s to the left of the last character. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org