On Fri, Feb 05, 2010 at 12:09:57PM -0800, John R Pierce wrote:
- that would be a function of how you use Postgresql.   if you do the 
- typical PHP hacker style of building statements with inline values then 
- executing them, you're vunerable unless you totally sanitize all your 
- inputs.     see http://xkcd.com/327/

Right, so when dealing with a high security environment you want to assume
someone made a mistake and left you vunerable in this area.

- >Does anyone have experience here? One of our security people found a 
- >generic mod_security config file that had a couple of postgres entries 
- >in it. Is there a full Postgres config for mod_security that the 
- >community recommends?
- >
- >Can anyone give me a good pros or cons of using mod_security when you 
- >have Postgres + Hibernate?
- >
- 
- isn't mod_security purely for Apache httpd applications?  if you're not 
- using apache httpd, it seems like there's no point in using mod_security.

We'll have httpd handing off to Geronimo. From what i can gather mod_security
will balk at any url that contains one of it's keywords. 

Dave

In response to

• Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story) at 2010-02-05 20:09:57 from John R Pierce

pgsql-general by date

Next:	From: David Kerr	Date: 2010-02-08 16:25:43
	Subject: Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)
Previous:	From: Tom Lane	Date: 2010-02-08 16:19:10
	Subject: Re: Re: [GENERAL] FM format modifier does not remove leading zero from year