Search Postgresql Archives

Re: Need help with quote escaping in exim for postgresql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Marc Haber <mh+pgsql-general@xxxxxxxxxxxx>
Subject: Re: Need help with quote escaping in exim for postgresql
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Sun, 09 Jul 2006 19:23:13 +0200
Cc: pgsql-general@xxxxxxxxxxxxxx
In-reply-to: <20060707145314.GD7485@xxxxxxxxx> (Martijn van Oosterhout's message of "Fri, 7 Jul 2006 16:53:14 +0200")
References: <20060707134800.GN3936@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20060707145314.GD7485@xxxxxxxxx>

* Martijn van Oosterhout:

>     * If application always sends untrusted strings as out-of-line
> parameters, instead of embedding them into SQL commands, it is not
> vulnerable.

This paragraph should explictly mention PQexecParams (which everybody
should use anyway).

It seems that Exim's architecture prevents the use of PQexecParams,
though.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

References:
- Need help with quote escaping in exim for postgresql
  - From: Marc Haber
- Re: Need help with quote escaping in exim for postgresql
  - From: Martijn van Oosterhout

Prev by Date: Re: Procedural language functions across servers
Next by Date: Re: Need help with quote escaping in exim for postgresql
Previous by thread: Re: Need help with quote escaping in exim for postgresql
Next by thread: Re: Need help with quote escaping in exim for postgresql
Index(es):
- Date
- Thread

[Index of Archives] [Postgresql Jobs] [Postgresql Admin] [Postgresql Performance] [Linux Clusters] [PHP Home] [PHP on Windows] [Kernel Newbies] [PHP Classes] [PHP Books] [PHP Databases] [Postgresql & PHP] [Yosemite]

Powered by Linux