On Mon, Mar 16, 2009 at 5:22 PM, Heikki Linnakangas < heikki.linnakan...@enterprisedb.com> wrote:
> Hmm, I wonder if you could do something malicious with it. Like, run a > query along the lines of "SELECT $$ (HOST=10.0.0.123) $$, connect()... " to > divert the connection to another server. Not any more malicious than a connection string in and of itself. It's only used as a hierarchical name-value pair string, nothing is executed from it. -- Jonah H. Harris, Senior DBA myYearbook.com