Search Postgresql Archives

Re: How to convert escaped text column - force E prefix

Subject: Re: How to convert escaped text column - force E prefix
From: "David G. Johnston" <david.g.johnston@xxxxxxxxx>
Date: Thu, 7 Jan 2021 07:50:30 -0700
Cc: Durumdara <durumdara@xxxxxxxxx>, Postgres General <pgsql-general@xxxxxxxxxxxxxx>
In-reply-to: <CAFj8pRBh8MraS=oo14h_5KMczqNPq56BwjLVW2qU6Q5qipskFw@mail.gmail.com>
References: <CAEcMXhkfup6xm9ipbFybwquhMkgLEt4G_3Ypv7_HiLnpz0mZUg@mail.gmail.com> <CAFj8pRD+dZpTd--g0YdAEyJvSFTv+zndgZaxtkAH=-Kmdm8sBw@mail.gmail.com> <EDDF234B-B9C8-4812-BEB7-929E8756DC43@pendari.org> <CAFj8pRBJsiwxQN3sNk1hKECbB7u=yz8+DFrM+rr+=aGhqiryUQ@mail.gmail.com> <CAEcMXhncJLkyM+jzUpn8rVeszNwGUE6Q20sJQAdkY4oxYn2qvg@mail.gmail.com> <CAFj8pRBh8MraS=oo14h_5KMczqNPq56BwjLVW2qU6Q5qipskFw@mail.gmail.com>

On Thursday, January 7, 2021, Pavel Stehule <pavel.stehule@xxxxxxxxx> wrote:

The vulnerability is almost the same although it is a little bit harder to create attack strings.

Would making the function run as “security definer” and setting up a minimal permissions user/owner help with mitigation?

David J.

Follow-Ups:
- Re: How to convert escaped text column - force E prefix
  - From: Pavel Stehule

References:
- How to convert escaped text column - force E prefix
  - From: Durumdara
- Re: How to convert escaped text column - force E prefix
  - From: Pavel Stehule
- Re: How to convert escaped text column - force E prefix
  - From: Gavan Schneider
- Re: How to convert escaped text column - force E prefix
  - From: Pavel Stehule
- Re: How to convert escaped text column - force E prefix
  - From: Durumdara
- Re: How to convert escaped text column - force E prefix
  - From: Pavel Stehule