Subject | Re: [ib-support] [] or "" |
---|---|
Author | Claudio Valderrama C. |
Post date | 2001-10-27T04:06:55Z |
"Ann W. Harrison" <aharrison@...> wrote in message
news:5.1.0.14.2.20011026112916.0274f598@......
> At 09:49 AM 10/26/2001 -0500, Woody wrote:
>
> Throughout the engine there are routines that compare names. If I had
> added quoted identifiers, I hope I would have had the sense to centralize
> those operations - something we may yet do to allow native language and
> long names. As it is, there is code everywhere that had to be taught to
> deal with spaces, for example. Claudio can expand on that, having found
> at least 4 different places that hadn't been fixed.
Hi, these are SOME (and I'm not kidding) of the bugs that were fixed in
Firebird, caused by the nefarious quoted identifiers:
[ #450405 ] Tricky role defeats basic SQL security
http://sourceforge.net/tracker/index.php?func=detail&aid=450405&group_id=9028&atid=109028
[ #460621 ] Blob API v/s embedded blanks in names
http://sourceforge.net/tracker/index.php?func=detail&aid=460621&group_id=9028&atid=109028
[ #229231 ] Revoke is case sensitive
http://sourceforge.net/tracker/index.php?func=detail&aid=229231&group_id=9028&atid=109028
[ #227760 ] Zero-length db object names shouldn't be allowed
http://sourceforge.net/tracker/index.php?func=detail&aid=227760&group_id=9028&atid=109028
[ #227758 ] Field names with spaces cannot be used in VIEWS
http://sourceforge.net/tracker/index.php?func=detail&aid=227758&group_id=9028&atid=109028
[ #226456 ] SELECT/PLAN does not understand delimited SQL index names
http://sourceforge.net/tracker/index.php?func=detail&aid=226456&group_id=9028&atid=109028
In addition, Ann once did things like
insert into tbl("field ") values(something);
and
select "field " from "tbl " where condition;
while discussing identifiers in IB-Architect but the statements failed. I
had to fix them because trailing blanks weren't trimmed in all cases.
Even the humble gstat and the services API call that it implements had the
same problem until a few weeks ago when I fixed a function, but I didn't put
the failure in our tracker.
And there's another: the DFW (Deferred Work Handler) suffered from the same
hiccup in some place. I don't want to be tragical because I didn't try a
real example, but failure to compare two names with embedded blanks that are
the same (but were seen as different) could potentially lead to incorrect
metadata storage.
The code was prepared to stop at the first blank seen and to uppercase
everything or assume anything comes already uppercased. Only 3/4 of the code
was updated when IB6 was open sourced. This is why I continue using
underscores.
:-)
For example, there's still the same old logic at PAR_symbol_to_gdscode() but
I think it's harmless, because the names used (from codetext.h) are always
in lowercase and with underscore in the middle.
C.
--
Claudio Valderrama C. - http://www.cvalde.com - http://www.firebirdSql.org
Independent developer
Owner of the Interbase® WebRing
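
The name-comparison behaviour described in the message above, next to a single centralized comparison of the kind Ann mentions, as an added example that is not Firebird source code and not part of the original post. All function names are hypothetical, and it assumes names are NUL-terminated strings that may carry trailing blank padding and that unquoted names were uppercased once at parse time.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Legacy behaviour as the message describes it: stop at the first blank
   and fold case. Only safe for unquoted, blank-free identifiers. */
int legacy_name_eq(const char *a, const char *b)
{
    for (;; a++, b++) {
        int end_a = (*a == '\0' || *a == ' ');
        int end_b = (*b == '\0' || *b == ' ');
        if (end_a || end_b)
            return end_a && end_b;
        if (toupper((unsigned char)*a) != toupper((unsigned char)*b))
            return 0;
    }
}

/* Length without trailing blank padding; embedded blanks are kept. */
static size_t trimmed_len(const char *s)
{
    size_t n = strlen(s);
    while (n > 0 && s[n - 1] == ' ')
        n--;
    return n;
}

/* One shared comparison: trim trailing blanks, then compare bytes exactly.
   Assumption: unquoted names were uppercased once, when parsed. */
int name_eq(const char *a, const char *b)
{
    size_t la = trimmed_len(a), lb = trimmed_len(b);
    return la == lb && memcmp(a, b, la) == 0;
}

/* Zero-length (or all-blank) names are rejected up front. */
int name_valid(const char *s)
{
    return trimmed_len(s) > 0;
}

int main(void)
{
    /* Constructed sample names, not taken from any real database. */
    printf("legacy: %d  fixed: %d\n",
           legacy_name_eq("FIELD ONE", "FIELD TWO"),
           name_eq("FIELD ONE", "FIELD TWO"));
    printf("padded: %d\n", name_eq("field ", "field"));
    return 0;
}
```

The first line of output shows two distinct quoted names collapsing into one under the legacy comparison; the second shows the trailing-blank case from the `"field "` statements comparing equal once padding is trimmed in one place.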