- Add identifier validation for database names in PostgreSQL and MySQL
- validateIdentifier() rejects names with invalid characters
- quoteIdentifier() safely quotes identifiers with proper escaping
- Max length: 63 chars (PostgreSQL), 64 chars (MySQL)
- Only allows alphanumeric + underscores, must start with letter/underscore
- Fix data race in notification manager
- Multiple goroutines were appending to shared error slice
- Added errMu sync.Mutex to protect concurrent error collection
- Security improvements prevent:
- SQL injection via malicious database names
- CREATE DATABASE `foo`; DROP DATABASE production; --`
- Race conditions causing lost or corrupted error data
Alexander Renz
9d8a6e763e