Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1viGWK-001vi6-3A for pgsql-hackers@arkaria.postgresql.org; Tue, 20 Jan 2026 18:32:05 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1viGWK-002Ic0-0D for pgsql-hackers@arkaria.postgresql.org; Tue, 20 Jan 2026 18:32:04 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1viGWJ-002Ibs-2V for pgsql-hackers@lists.postgresql.org; Tue, 20 Jan 2026 18:32:04 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1viGWH-001ZIT-0v for pgsql-hackers@lists.postgresql.org; Tue, 20 Jan 2026 18:32:03 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 60KIVr7C1706008; Tue, 20 Jan 2026 13:31:53 -0500 From: Tom Lane To: Julien Rouhaud cc: John Naylor , Andrew Dunstan , pgsql-hackers@lists.postgresql.org Subject: Re: Can we remove support for standard_conforming_strings = off yet? In-reply-to: References: <3279216.1767072538@sss.pgh.pa.us> <3730915.1767135010@sss.pgh.pa.us> <3924010.1767200681@sss.pgh.pa.us> Comments: In-reply-to Julien Rouhaud message dated "Mon, 05 Jan 2026 20:01:15 +0800" MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-ID: <1706006.1768933913.1@sss.pgh.pa.us> Content-Transfer-Encoding: 8bit Date: Tue, 20 Jan 2026 13:31:53 -0500 Message-ID: <1706007.1768933913@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Julien Rouhaud writes: > On Mon, Jan 05, 2026 at 05:03:48PM +0700, John Naylor wrote: >> On Thu, Jan 1, 2026 at 12:04 AM Tom Lane wrote: >>> Personally I would call it a deal-breaker if I thought it'd affect >>> more than a very very tiny number of people. But the entire premise >>> of this patch is that nobody is using standard_conforming_strings = >>> off in production anymore. If that isn't true it's probably a >>> mistake to go forward anyway. >> FWIW, I spent a few minutes looking, and I only found issues from ~5 >> years ago about software not working with the setting off. I didn't >> see any details on what they were running in the application stack >> that required it: >> https://github.com/PostgREST/postgrest/issues/1992 >> https://github.com/npgsql/npgsql/issues/3333 > I had another one ~4 years ago: > https://github.com/powa-team/powa-archivist/issues/51 > Since I fixed powa-archivist at that time, I don't know if anyone else would > have faced the same problem, although the OP is likely still using the same > setting. So, nobody's actually spoken against this change. I think we should go forward with it, for the reasons I gave at the top of the thread and because "if not now, when?". I have little doubt that if there is anyone still running with standard_conforming_strings = off, they aren't going to change until forced to. So unless we want to live with the potential security hazard forever, we're going to have to make a breaking change sometime. regards, tom lane