| From: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: non-standard escapes in string literals |
| Date: | 2002-06-06 19:00:49 |
| Message-ID: | 5.1.0.14.1.20020607012740.056c6080@192.228.128.13 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Yes it's speculation. The implementation at the DB isn't there, neither are
the associated DBD/JDBC/ODBC drivers for it.
Basically if the fallacies aren't in postgresql _if_ the decision is to
implement it, I'd be happy.
I was just noting (perhaps superfluously) that backspaces and friends
(nulls) have been useful for exploiting databases (and other programs).
Recently at least one multibyte character (0x81a2) allowed potential
security problems with certain configurations/installations of Postgresql.
Would switching to the standard cause such problems to be less or more
likely? Would making it an option make such problems more likely?
Cheerio,
Link.
p.s. Even +++AT[H]<cr>(remove square brackets and <cr> = carriage return)
as data can cause problems sometimes - esp with crappy modems. Once there
was a site whose EDI metadata had lots of +++ and they were experiencing
"bad connections" <grin>...
At 07:10 PM 6/6/02 +0200, Peter Eisentraut wrote:
>Lincoln Yeoh writes:
>
> > However raw control characters can still cause problems in the various
> > stages from the source to the DB.
>
>I still don't see why. You are merely speculating about implementation
>fallacies that aren't there.
>
>--
>Peter Eisentraut peter_e(at)gmx(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2002-06-06 19:11:51 | Re: Straight-from-the-horses-mouth dept |
| Previous Message | Bruce Momjian | 2002-06-06 17:57:05 | Re: Roadmap for a Win32 port |