Re: Embedded SQL vulnerability

From: Michael Meskes <meskes(at)postgresql(dot)org>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Embedded SQL vulnerability
Date: 2001-09-01 09:45:55
Message-ID: 20010901114555.A8789@feivel.fam-meskes.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Sat, Sep 01, 2001 at 11:12:34AM +1200, Glen Eustace wrote:
> http://cert.uni-stuttgart.de/advisories/apache_auth.php

Is this somehow related to ecpg? I just noticed the term "embedded" in the
subject. :-)

In fact ecpg does have its own function to quote escape characters. It does
not quote \0 but it does quote \' to \'\' and \\ to \\\\.

Michael
--
Michael Meskes
Michael(at)Fam-Meskes(dot)De
Go SF 49ers! Go Rhein Fire!
Use Debian GNU/Linux! Use PostgreSQL!

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Gunnar Rønning 2001-09-01 09:56:16 Re: PL/java?
Previous Message Alvaro Herrera 2001-09-01 08:46:30 Re: 2 tables, joins and same name...