OK, applied, with that change.
---------------------------------------------------------------------------
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > OK, here is the patch with the suggested changes. I am sending the
> > patch to hackers because there has been so much interest in this.
>
> One minor gripe:
>
> > + /* If user@, it is a global user, remove '@' */
> > + if (strchr(port->user, '@') == port->user + strlen(port->user)-1)
>
> This code is correct, but it tempts someone to replace the strchr()
> with a single-character check on the last character of the string.
> Which would introduce the security hole we discussed before. The
> code is okay, but *please* improve the comment to point out that you
> are also excluding the case where there are @'s to the left of the
> last character.
>
> regards, tom lane
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073