On 09/30/2010 12:31 PM, Oleg wrote:
Yeah... just had a look at the PostgreSQL docs. I found that both
parameters 'standard_conforming_strings' and 'backslash_quote' were
introduced in security update 7.4.13.
My client has 7.4.3, with a lot of security problems :) I'll let him
know about it.
Furthe
On Sep 30, 4:05 pm, mdipierro wrote:
That may work, but you would need to try.
Try inserting a ' and \ in a text field and see if you get any
OperationalError.
On Sep 30, 8:59 am, Adrian Klaver wrote:
On Thursday 30 September 2010 6:47:38 am mdipierro wrote:
> The problem is that PostgreSQL before 8.2 did not conform to the SQL
> specs and uses
>
> \' to escape quotes instead of ''
>
> even in 8.2 it was optional and had to be set with the command that
> gives you trouble.
>
>
If its only a mat
The problem is that PostgreSQL before 8.2 did not conform to the SQL
specs and uses
\' to escape quotes instead of ''
even in 8.2 it was optional and had to be set with the command that
gives you trouble.
1)
One thing you can do is use this validator
class IS_SAFE():
    def __init__(self): pass
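
The escaping mismatch described in the message above, as an added example that is not part of the original thread and is not web2py or PostgreSQL code. It uses a simplified literal scanner (an assumption: the real lexer handles more escape forms) and hypothetical function names to check whether an escaped value stays inside its quoted literal when the server does or does not treat backslash as an escape.

```python
"""Simplified model of quote escaping and server literal parsing (constructed)."""


def escape_quotes_only(value):
    # SQL-standard escaping: a single quote is written as two single quotes.
    return "'" + value.replace("'", "''") + "'"


def escape_quotes_and_backslashes(value):
    # For servers that treat backslash as an escape: double it before quotes.
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def read_literal(sql, backslash_escapes):
    """Scan one quoted literal; return (decoded_value, text_left_after_it)."""
    if not sql.startswith("'"):
        raise ValueError("literal must start with a quote")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])      # backslash + x yields x (octal etc. not modelled)
            i += 2
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")             # two quotes yield one quote
            i += 2
        elif ch == "'":
            return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated literal")


def stays_inside_literal(escape, value, backslash_escapes):
    """True if the escaped value parses back to itself with nothing left over."""
    try:
        decoded, rest = read_literal(escape(value), backslash_escapes)
    except ValueError:
        return False
    return decoded == value and rest == ""


if __name__ == "__main__":
    sample = "a\\' b"   # constructed input: the ' and \ test suggested in the thread
    for name, esc in (("quotes only", escape_quotes_only),
                      ("quotes+backslashes", escape_quotes_and_backslashes)):
        for mode in (False, True):
            print(name, "backslash_escapes=%s" % mode,
                  stays_inside_literal(esc, sample, mode))
```

Doubling backslashes on a server that treats them as ordinary characters keeps the value inside the literal but stores it altered, so the escaper has to match the server's setting.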
Oops.. You are right.. hm... what would you recommend in this case?
Is it possible to make some kind of protection at the web2py level?
Should I just always apply this patch locally for every new version
of web2py? :)
On Sep 30, 3:14 pm, mdipierro wrote:
Your app is vulnerable to SQL injections. Anybody can get in. period.
On Sep 30, 5:30 am, Oleg wrote:
Much older :) My client has PostgreSQL 7.4. They have some
sensitive pharma data there and don't want to
migrate to a new one in the next few years.. :( :(
What kind of vulnerability do you mean? What would you recommend in
this case?
Thank you
On Sep 30, 2:38 am, mdipierro wrote:
Which PostgreSQL version do you have? If you don't have this parameter
you probably have 8.1 or older. That causes a major security
vulnerability with web2py.
On Sep 29, 4:44 pm, Oleg Butovich wrote:
> subj. with error:
> RuntimeError: unrecognized configuration parameter
> "standard_conforming_