I just read the article, very interesting. Since current postgres drivers are affected I wonder how vulnerable psycopg or better yet psycopg2 would be. I am going to post the question to the the psycopg group to see what turns up. Micheal, does sqlalchemy use psycopg 1 or 2 (I have both installed)? Jose
> -------- Original Message -------- > Subject: Re: [Sqlalchemy-users] Postgres injection attack > From: David Geller <[EMAIL PROTECTED]> > Date: Wed, May 24, 2006 9:12 am > To: Michael Bayer <[EMAIL PROTECTED]> > Cc: sqlalchemy-users <sqlalchemy-users@lists.sourceforge.net> > > Hmmmm. Wondering if there is a similar problem for MySQL. Also, is this > a problem only for unicode, or does it affect things like utf-8? > > Thanks, > David > > Michael Bayer wrote: > > just saw this today and thought it was interesting....a postgres > > injection attack that *only* bind parameters protects against: > > > > http://www.newsforge.com/article.pl?sid=06/05/23/2141246 > > > > > > ------------------------------------------------------- > > All the advantages of Linux Managed Hosting--Without the Cost and Risk! > > Fully trained technicians. The highest number of Red Hat certifications in > > the hosting industry. Fanatical Support. Click to learn more > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 > > _______________________________________________ > > Sqlalchemy-users mailing list > > Sqlalchemy-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users > > > > > ------------------------------------------------------- > All the advantages of Linux Managed Hosting--Without the Cost and Risk! > Fully trained technicians. The highest number of Red Hat certifications in > the hosting industry. Fanatical Support. Click to learn more > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 > _______________________________________________ > Sqlalchemy-users mailing list > Sqlalchemy-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 _______________________________________________ Sqlalchemy-users mailing list Sqlalchemy-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users
