
Re: possible design bug with PQescapeString()

From: Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp>
To: andrew(at)supernews(dot)com
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: possible design bug with PQescapeString()
Date: 2006-02-28 01:14:33
Lists: pgsql-hackers

I have sent an email to cores to ask if it is OK for me to bring another
issue, closely related to this one, to open discussion; its details have
already been sent to them. The reason I'm asking is that if this issue
could be open, then the issue might be open too, and that makes
discussions easier.

At this point, I have had no response from them so far.
Tatsuo Ishii
SRA OSS, Inc. Japan

> Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> writes:
> > I guess I understand what you are saying. However, I am not allowed to
> > talk to you about it unless cores allow me. Probably we need some
> > closed forum to discuss this kind of security issue.
> Considering that you've already described the problem on pgsql-hackers,
> I hardly see how further discussion is going to create a bigger security
> breach than already exists.
> (I'm of the opinion that the problem is mostly a client problem anyway;
> AFAICS the issue only comes up if client software fails to consider
> encoding issues while doing escaping.  There is certainly no way that
> we can magically solve the problem in a new PG release, and so trying
> to keep it quiet until we can work out a solution seems pointless.)
> 			regards, tom lane
