Re: Fwd: Bug#372115: Last security update of postgresql-contrib breaks database replication with DBMirror.pl

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Martin Pitt <martin(at)piware(dot)de>
Cc: PostgreSQL Bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: Fwd: Bug#372115: Last security update of postgresql-contrib breaks database replication with DBMirror.pl
Date: 2006-06-10 16:38:20
Message-ID: 780.1149957500@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Martin Pitt <martin(at)piware(dot)de> writes:
> Does anyone know DBMirror.pl? The proposed fix seems wrong since it
> just reverts the behavior to the old quote escaping style.

I don't know it, but the function being complained of seems exactly the
sort of ad-hoc escaping logic that the security update warns you should
get rid of. (I fear we failed to notice it because it was in Perl not C
:-() I think it should be rewritten from the ground up. Does the Pg
Perl module expose PQescapeString by any chance? Relying on that would
be far better than letting this code live.

regards, tom lane

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2006-06-10 23:30:19 Re: BUG #2475: Row limit problem
Previous Message Bruce Momjian 2006-06-10 16:02:35 Re: Fwd: Bug#372115: Last security update of postgresql-contrib