marcin mank wrote:
A certain prominent web framework has a nasty SQL injection bug when
PG is configured with SCS. This bug is not present without SCS
(details per email for interested PG hackers). I say, hold it off.
Any web framework that interpolates user supplied values into SQL rather than using placeholders is broken from the get go, IMNSHO. I'm not saying that there aren't reasons to hold up moving to SCS, but this isn't one of them.

cheers

andrew
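As an added example (not part of this thread, and not code from any framework or from PostgreSQL itself), the Python below models how PostgreSQL lexes a plain single-quoted literal with standard_conforming_strings on and off; it shows why a value escaped for one setting can close its literal early under the other, which is the failure mode that placeholders avoid. The lexer model, the helper names and the test value are assumptions of this example.

```python
# Added example, not from the pgsql-hackers thread: a model of how
# PostgreSQL lexes a plain 'single-quoted' literal with
# standard_conforming_strings (SCS) on and off. It shows why a value
# escaped for one setting can end its literal early under the other,
# the failure mode that placeholders avoid entirely.

def literal_end(sql: str, scs: bool) -> int:
    """Index just past the closing quote of the literal at sql[0].
    '' is an escaped quote in both modes; a backslash escapes the
    next character only when SCS is off."""
    if not sql.startswith("'"):
        raise ValueError("expected a literal starting with '")
    i = 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and not scs:
            i += 2                      # backslash-escaped character
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            i += 2                      # doubled quote stays in the literal
        elif ch == "'":
            return i + 1                # closing quote
        else:
            i += 1
    raise ValueError("unterminated literal")

def backslash_escape(value: str) -> str:
    """Legacy scheme: escape backslashes and quotes with a backslash."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def standard_escape(value: str) -> str:
    """SQL-standard scheme: double every single quote."""
    return value.replace("'", "''")

def leaked_text(value: str, escape, scs: bool) -> str:
    """Embed value as a literal and return whatever follows the point
    where the lexer closes it. Non-empty means data became SQL text."""
    lit = "'" + escape(value) + "'"
    return lit[literal_end(lit, scs):]

if __name__ == "__main__":
    # Constructed value: a backslash immediately before a quote.
    value = "a\\'b"
    for scs in (False, True):
        for name, esc in (("backslash", backslash_escape),
                          ("standard", standard_escape)):
            print(f"scs={scs}: {name}-escaped leaks "
                  f"{leaked_text(value, esc, scs)!r}")
```

Each escaping scheme is safe only under the setting it was written for, so an application that escapes by hand breaks as soon as the server setting changes; a bound parameter is never lexed as part of the query text at all.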

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers