On Fri, Feb 05, 2010 at 12:09:57PM -0800, John R Pierce wrote: - that would be a function of how you use Postgresql. if you do the - typical PHP hacker style of building statements with inline values then - executing them, you're vunerable unless you totally sanitize all your - inputs. see http://xkcd.com/327/ Right, so when dealing with a high security environment you want to assume someone made a mistake and left you vunerable in this area. - >Does anyone have experience here? One of our security people found a - >generic mod_security config file that had a couple of postgres entries - >in it. Is there a full Postgres config for mod_security that the - >community recommends? - > - >Can anyone give me a good pros or cons of using mod_security when you - >have Postgres + Hibernate? - > - - isn't mod_security purely for Apache httpd applications? if you're not - using apache httpd, it seems like there's no point in using mod_security. We'll have httpd handing off to Geronimo. From what i can gather mod_security will balk at any url that contains one of it's keywords. Dave -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
