I just read the article, very interesting.  Since current postgres
drivers are affected I wonder how vulnerable psycopg or better yet
psycopg2 would be.  I am going to post the question to the the psycopg
group to see what turns up.  Micheal, does sqlalchemy use psycopg 1 or
2 (I have both installed)?
Jose


> -------- Original Message --------
> Subject: Re: [Sqlalchemy-users] Postgres injection attack
> From: David Geller <[EMAIL PROTECTED]>
> Date: Wed, May 24, 2006 9:12 am
> To: Michael Bayer <[EMAIL PROTECTED]>
> Cc: sqlalchemy-users <sqlalchemy-users@lists.sourceforge.net>
>
> Hmmmm. Wondering if there is a similar problem for MySQL. Also, is this
> a problem only for unicode, or does it affect things like utf-8?
>
> Thanks,
> David
>
> Michael Bayer wrote:
> > just saw this today and thought it was interesting....a postgres
> > injection attack that *only* bind parameters protects against:
> >
> >     http://www.newsforge.com/article.pl?sid=06/05/23/2141246
> >
> >
> > -------------------------------------------------------
> > All the advantages of Linux Managed Hosting--Without the Cost and Risk!
> > Fully trained technicians. The highest number of Red Hat certifications in
> > the hosting industry. Fanatical Support. Click to learn more
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
> > _______________________________________________
> > Sqlalchemy-users mailing list
> > Sqlalchemy-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users
> >
>
>
> -------------------------------------------------------
> All the advantages of Linux Managed Hosting--Without the Cost and Risk!
> Fully trained technicians. The highest number of Red Hat certifications in
> the hosting industry. Fanatical Support. Click to learn more
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
> _______________________________________________
> Sqlalchemy-users mailing list
> Sqlalchemy-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users



-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Sqlalchemy-users mailing list
Sqlalchemy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users

Reply via email to