On Tue, Feb 09, 2021 at 05:34:37PM -0500, Tom Lane wrote:
> Now granting that the best answer is just to forbid these cases,
> there are still a couple of decisions about how extensive the
> prohibition ought to be:
>
> * We could forbid these characters only when you try to actually
> put such a GUC into pg_db_role_setting, and otherwise allow them.
> That seems like a weird nonorthogonal choice though, so I'd
> rather just forbid them period.
Agreed.
> * A case could be made for tightening things up a lot more, and not
> allowing anything that doesn't look like an identifier. I'm not
> pushing for that, as it seems more likely to break existing
> applications than the narrow restriction proposed here. But I could
> live with it if people prefer that way.
I'd prefer that. Characters like backslash, space, and double quote have
significant potential to reveal bugs, while having negligible application
beyond revealing bugs.