Glen Eustace <geustace(at)godzone(dot)net(dot)nz> writes:
> Has anyone added anything into the client library along the lines of the
> suggestion made in
>
> http://cert.uni-stuttgart.de/advisories/apache_auth.php
>
> I have just upgraded to 7.1.3 on RH7.1, I wasn't going to bother with the
> source. But we do use our database for authentication and consequently are
> vulnerable.

A patch did go in just recently, but didn't make it into 7.1.3.
You can always do the escaping yourself--the patch just makes the
escape call available in the library; it doesn't automatically fix
your code.
-Doug
--
Free Dmitry Sklyarov!
http://www.freesklyarov.org/
We will return to our regularly scheduled signature shortly.
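
As an added example (not code from this post or from the PostgreSQL patch it mentions), here is one way to do the escaping yourself in C before a user-supplied name goes into an authentication query. The function names, table name and column names are hypothetical; it assumes a server that treats backslash as an escape character inside string literals and a single-byte, ASCII-compatible client encoding.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libpq function): copy src into dst, doubling
 * single quotes and backslashes so the value stays inside '...' in a SQL
 * string literal. Assumes backslash is an escape character in literals and
 * a single-byte, ASCII-compatible encoding.
 * Returns the escaped length, or -1 if dst is too small. */
long sql_escape_literal(char *dst, size_t dstlen, const char *src)
{
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        int special = (*src == '\'' || *src == '\\');
        if (o + (special ? 2 : 1) >= dstlen)
            return -1;              /* refuse rather than truncate */
        if (special)
            dst[o++] = *src;        /* emit the character twice */
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return (long)o;
}

/* Build the password lookup an auth module might send. Table and column
 * names are constructed for this example. Returns 0 on success, -1 on error. */
int build_auth_query(char *out, size_t outlen, const char *user)
{
    char esc[2 * 64 + 1];           /* worst case: every byte doubled */
    if (strlen(user) > 64) return -1;
    if (sql_escape_literal(esc, sizeof esc, user) < 0) return -1;
    int n = snprintf(out, outlen,
                     "SELECT passwd FROM users WHERE login = '%s'", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char q[256];
    const char *sample = "o'brien";  /* constructed sample input */
    if (build_auth_query(q, sizeof q, sample) == 0) puts(q);
    return 0;
}
```

Every place that pastes request data into a query string needs the same treatment; escaping one call site does not cover the others.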