Re: How to convert escaped text column - force E prefix

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
Cc: Durumdara <durumdara(at)gmail(dot)com>, Postgres General <pgsql-general(at)postgresql(dot)org>
Subject: Re: How to convert escaped text column - force E prefix
Date: 2021-01-07 14:50:30
Message-ID: CAKFQuwbds3P6DOh_KD2YfsW8sT-LRhjCtWit_H3SkgGofxTO_A@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Thursday, January 7, 2021, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:

>
>
> The vulnerability is almost the same although it is a little bit harder to
> create attack strings.
>

Would making the function run as “security definer” and setting up a
minimal permissions user/owner help with mitigation?

David J.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Pavel Stehule 2021-01-07 15:14:29 Re: How to convert escaped text column - force E prefix
Previous Message Paul Förster 2021-01-07 14:08:31 Re: Using more than one LDAP?