Peter Rabbitson wrote:
> Josh Berkus wrote:
>> However, the reason why we added the warning is that we figured out in
>> 2006 that \\ escapes are a SQL injection vulnerability (this goes for
>> MySQL as well).  It's possible by version 8.5 (2010) PostgreSQL will
>> stop supporting them.
>
> Interesting... Can you cite some CVE reference or what have you? Google
> does not seem to be my friend today.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313

Not sure where the MySQL announcement is.  These issues affect them equally.

--Josh
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
