Search Postgresql Archives

Re: How to convert escaped text column - force E prefix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



čt 7. 1. 2021 v 15:50 odesílatel David G. Johnston <david.g.johnston@xxxxxxxxx> napsal:
On Thursday, January 7, 2021, Pavel Stehule <pavel.stehule@xxxxxxxxx> wrote:


The vulnerability is almost the same although it is a little bit harder to create attack strings.

Would making the function run as “security definer” and setting up a minimal permissions user/owner help with mitigation?

yes. It is a very different usage of security definer functions, but it can work.

Regards

Pavel


David J. 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux