Re: ecmascript 5 DATESTYLE

2010/5/19 Mike Fowler <mike@mlfowler.com>:
> Pavel Stehule wrote:
>>
>> 2010/5/19 Peter Eisentraut <peter_e@gmx.net>:
>>
>>>
>>> On tis, 2010-05-18 at 18:26 -0400, Ben Hockey wrote:
>>>
>>>>
>>>> ecmascript 5 is the most recent specification for JavaScript and i
>>>> would think that having a DATESTYLE format to simplify
>>>> interoperability with JavaScript applications would be highly
>>>> desirable.
>>>>
>>>
>>> Note that we haven't got any other datestyles that are intended to
>>> support interoperability with some language.  It is usually the job of
>>> the client driver to convert PostgreSQL data (plural of datum) to the
>>> appropriate type and format for the client environment or language.  Is
>>> there any reason why JavaScript would be different?
>>>
>
> I wouldn't be keen to see dedicated language specific handling of
> date/datetime formats. It would lead to an explosion of functions with new
> languages needing adding as and when their users jumped up and down on us.
> However a generic format could be very useful and would give the opportunity
> for people who need a language specific short cut the opportunity to do a
> CREATE FUNCTION wrapping the generic one with a hard coded format specifier.
>
> Other platforms have generic support for this kind of task, for example
> SQLServer: http://msdn.microsoft.com/en-us/library/ms187928.aspx. I wouldn't
> recommend the SQLServer way, I think numeric format specifiers are clumsy.
> Perhaps a mechanism like Java which is nicely summarized here:
> http://java.sun.com/j2se/1.5.0/docs/api/java/text/SimpleDateFormat.html
>
> Pavel: Why do you believe a generic format function would lead to SQL
> injections attacks?

see google: lateral sql injection oracle NLS_DATE_FORMAT

I would to like this functionality too - and technically I don't see a
problem - It's less than 100 lines, but I don't need a new security
problem. So my proposal is change nothing on this integrated
functionality and add new custom date type - like cdate that can be
customized via GUC.

Regards
Pavel
>
>> JavaScript isn't special language, but JSON is wide used format for
>> interoperability. And same is true for XML datestyle format.
>>
>> Regards
>> Pavel
>>
>
> I think that the postgres handling of those data types should handle the
> date encoding themselves. For example, a XMLELEMENT call that was passed a
> date would format the date string to the xs:date format (e.g. 2010-05-19)
> and when passed a timestamp format to xs:datetime (e.g.
> 2010-05-19T09:29:52+01:00). I would see the JSON handling as being no
> different.
>
> Thanks,
>
> --
> Mike Fowler
> Registered Linux user: 379787
>
> "I could be a genius if I just put my mind to it, and I,
> I could do anything, if only I could get 'round to it"
> -PULP 'Glory Days'
>
>