Geoff Caplan wrote:
Are the standard escaping functions found in the PHP, Tcl etc APIs to
Postgres bombproof? Are there any encodings that might slip through
and be cast to malicious strings inside Postgres? What about functions
like convert(): could they be used to slip something through the
escaping function?
What about writing nessus plugin(s) or a specific scanner for these
escaping issues ? I don't know if a such thing already exists...
--
Olivier
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
