Skip site navigation (1) Skip section navigation (2)

Re: Unable to connect to PostgreSQL Server: Permission denied

From: Mariusz Pękala <skoot(at)qi(dot)pl>
To: pgsql-php(at)postgresql(dot)org
Subject: Re: Unable to connect to PostgreSQL Server: Permission denied
Date: 2006-04-04 21:26:32
Message-ID: 20060404212632.GA9480@cthulhu.sdi.tpnet.pl (view raw or flat)
Thread:
Lists: pgsql-php
On 2006-04-04 19:35:10 +0200 (Tue, Apr), Pawel Bernat wrote:
> On Mon, Apr 03, 2006 at 10:01:23PM +0200, Mariusz Pękala wrote:
> > Telnet is not the best tool for binary protocols.
> > You may try netcat (nc), but anyway - this test is not significant
> > here.
> It doesn't matter here.

Okay, you're saying my English isn't perfect ? :-)

> > Don't let the untrusted parameters to go into query. Someone may call
> > your page like this:
> > http://example.com/add-entry.php?Email=a'); delete from Addresses; --
> Nothing wrong will happen.

Why?
Unless I really overlooked something, I would humbly disagree.

1) It is possible to put a few sql requests in one string.

2) Relying on 'magic_quotes_gpc' and *possible* addslashes() is a bad thing,
IMHO.

So, where is my mistake?


-- 
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
Trust me.

In response to

pgsql-php by date

Next:From: Eric MauvièreDate: 2006-04-12 14:20:17
Subject: binary cursor returning truncated data
Previous:From: Pawel BernatDate: 2006-04-04 17:35:10
Subject: Re: Unable to connect to PostgreSQL Server: Permission denied

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group