On Mon, 23 Aug 2010 15:08:11 +0200
Marcin Mirosław <mar...@mejor.pl> wrote:

[...]

> The value of "standard_conforming_strings" is going to change in the default
> configuration. In 8.4 it's off, in 9.1 it will be on.
>
I have read about the setting being on in 9.1 and afterward.


> This value doesn't
> exist in postgresql earlier than 8.2.
>
Aha. I did not know this.


> Quote from postgresql doc, section PQescapeBytea:
> "The only difference from PQescapeByteaConn is that PQescapeBytea does
> not take a PGconn  parameter. Because of this, it cannot adjust its
> behavior depending on the connection properties (in particular, whether
> standard-conforming strings are enabled) ..."
>
Well... We already take care of this. I mean the escaping of the signature data.


> Imvho, should we worry about standard_conforming_strings?
>
Yes. We should.


> The function
> PQescapeByteaConn should do the escaping in the right way. If we don't want
> pgdriver to use E'' (performance), dspam should check if pgsql>=8.2, then
> "set standard_conforming_strings=on", and PQescapeByteaConn should
> properly encode the data.
> The same goes for varchar: PQescapeStringConn should take the parameters of
> the connection and do correct escaping.
> It's theory :)
> 
Well... we need to escape the signature data anyway, or we need to switch the
way data is written back to PostgreSQL or read from it.


> Btw, there could be a problem if dspam connected to pgsql < 7.4, but should
> dspam worry about dinosaurs?
>
What should I say? The current code works on pgsql < 7.4 too.


btw: We should encode any string that is coming from an external source in order
to avoid an SQL injection. This basically means that almost all VARCHAR should be
encoded with PQescapeStringConn. I think that command is available after 7.3.
Older releases (7.2.8 and older) only have PQescapeString.


> Regards,
> Marcin
> 
> -- 
> xmpp (jabber): marcin  [at]  mejor.pl
> www: http://blog.mejor.pl/
> 
-- 
Kind Regards from Switzerland,

Stevan Bajić
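
An added example, not part of the original message and not DSPAM or libpq code: a simplified C model of why escaping has to follow the connection's standard_conforming_strings setting, as discussed above for PQescapeByteaConn and PQescapeStringConn. The function names are hypothetical and the literal reader is a deliberate simplification of the server's behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Model of libpq-style escaping: quotes are always doubled, backslashes only
 * when the escaper assumes standard_conforming_strings is off (scs_on == 0). */
static void escape_literal(const char *in, int scs_on, char *out)
{
    *out++ = '\'';
    for (; *in; in++) {
        if (*in == '\'' || (*in == '\\' && !scs_on))
            *out++ = *in;            /* doubling byte */
        *out++ = *in;
    }
    *out++ = '\''; *out = '\0';
}
/* Simplified model of the server reading a plain '...' literal: with the
 * setting off a backslash makes the next byte literal (\n etc. not modelled),
 * with it on a backslash is data. Returns 0 if well formed, nothing trailing. */
static int decode_literal(const char *lit, int scs_on, char *out)
{
    if (*lit++ != '\'') return -1;
    while (*lit) {
        if (*lit == '\\' && !scs_on) {
            if (!lit[1]) return -1;
            *out++ = lit[1]; lit += 2;
        } else if (*lit == '\'' && lit[1] == '\'') {
            *out++ = '\''; lit += 2;
        } else if (*lit == '\'') {
            *out = '\0'; return lit[1] ? -1 : 0;
        } else {
            *out++ = *lit++;
        }
    }
    return -1;                       /* closing quote never found */
}
/* 1 if a value escaped under one assumption survives the server's setting. */
static int round_trips(const char *in, int escaper_scs, int server_scs)
{
    char lit[256], back[256];
    if (strlen(in) > 120) return 0;  /* keep within the fixed buffers */
    escape_literal(in, escaper_scs, lit);
    return decode_literal(lit, server_scs, back) == 0 && strcmp(in, back) == 0;
}
int main(void)
{
    for (int e = 0; e < 2; e++)      /* e: escaper's assumption, s: server */
        for (int s = 0; s < 2; s++)
            printf("escaper scs=%d server scs=%d intact=%d\n", e, s,
                   round_trips("it's a\\b", e, s));  /* constructed value */
    return 0;
}
```

Only the two matching combinations keep the value intact; a mismatch either alters the stored data or leaves the literal ending somewhere other than where the client intended.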
