"Albe Laurenz" <[EMAIL PROTECTED]> writes:
> It seems to me that UTF-8 databases are safe.
IIRC we determined that using UTF8 *on both the client and server sides*
is safe. You can get burnt with combinations such as server_encoding =
UTF8 and client_encoding = SJIS (exposing PQescapeString's nai
I have been experimenting with the exploit described in
http://www.postgresql.org/docs/techdocs.50 to see if our databases
are affected.
Server is 8.1.3, database encoding UTF8.
Client is a C program compiled and linked against libpq version 8.1.3
that uses UTF8 encoding.
I sent the following que