On 2014-02-19 13:31:06 -0500, Robert Haas wrote: > TBH, as compared to what you've got now, I think this mostly boils > down to a question of quoting and escaping. I'm not really concerned > with whether we ship something that's perfectly efficient, or that has > filtering capabilities, or that has a lot of fancy bells and whistles. > What I *am* concerned about is that if the user updates a text field > that contains characters like " or ' or : or [ or ] or , that somebody > might be using as delimiters in the output format, that a program can > still parse that output format and reliably determine what the actual > change was. I don't care all that much whether we use JSON or CSV or > something custom, but the data that gets spit out should not have > SQL-injection-like vulnerabilities.
If it's just that, I am *perfectly* happy to change it. What I do not want is arguments like "I don't want the type information, that's pointless" because it's actually really important for regression testing. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
