
Re: Correct escaping of untrusted data

From: Olivier Guilyardi <ml(at)xung(dot)org>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Correct escaping of untrusted data
Date: 2004-07-31 19:44:18
Message-ID: 410BF692.9000604@xung.org
Lists: pgsql-general

Geoff Caplan wrote:

> Are the standard escaping functions found in the PHP, Tcl etc APIs to
> Postgres bombproof? Are there any encodings that might slip through
> and be cast to malicious strings inside Postgres? What about functions
> like convert(): could they be used to slip something through the
> escaping function?

What about writing Nessus plugin(s) or a specific scanner for these
escaping issues? I don't know if such a thing already exists...

--
     Olivier
