From: | Barry Lind <blind(at)xythos(dot)com> |
---|---|
To: | joe user <palehaole(at)yahoo(dot)com> |
Cc: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: SQL injection bug for null-terminated strings? |
Date: | 2003-09-01 22:46:15 |
Message-ID: | 3F53CC37.9040902@xythos.com |
Lists: | pgsql-jdbc |
Also patched into the latest 7.3 build.
--Barry
Kris Jurka wrote:
>
> On Sun, 31 Aug 2003, joe user wrote:
>
>
>>From looking at some logs, it looks like there might
>>be an SQL injection bug with null-terminated strings.
>>Is this a known problem? If it is not, I will try to
>>write a test program to trigger it.
>>
>
>
> This has been fixed in the development version of the driver.
>
> See the following, check revision 1.29
>
> http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
>
> Kris Jurka