Geoff Caplan wrote:
> Are the standard escaping functions found in the PHP, Tcl etc APIs to
> Postgres bombproof? Are there any encodings that might slip through
> and be cast to malicious strings inside Postgres? What about functions
> like convert(): could they be used to slip something through the
> escaping function?
What about writing nessus plugin(s) or a specific scanner for these
escaping issues ? I don't know if a such thing already exists...
In response to
pgsql-general by date
|Next:||From: Neil Zanella||Date: 2004-07-31 19:57:27|
|Subject: pdql, pg_dump, and pg_restore|
|Previous:||From: Joe Lester||Date: 2004-07-31 16:25:55|
|Subject: shared_buffers Question|