Re: SQL injection bug for null-terminated strings?

From: Kris Jurka <books(at)ejurka(dot)com>
To: joe user <palehaole(at)yahoo(dot)com>
Cc: <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: SQL injection bug for null-terminated strings?
Date: 2003-09-01 10:31:55
Message-ID: Pine.LNX.4.33.0309010629390.27036-100000@leary.csoft.net
Lists: pgsql-jdbc

On Sun, 31 Aug 2003, joe user wrote:

> From looking at some logs, it looks like there might
> be an SQL injection bug with null-terminated strings.
> Is this a known problem? If it is not, I will try to
> write a test program to trigger it.
>

This has been fixed in the development version of the driver.

See the following, check revision 1.29

http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java

Kris Jurka
