Just reread the article (actually, if I had read Michael's post better)
and it states that the use of bind parameters protects against the
attack.  Still going to ask the psycopg group to see if a new beta is
on the way or not.
Jose


> -------- Original Message --------
> Subject: RE: [Sqlalchemy-users] Postgres injection attack
> From: [EMAIL PROTECTED]
> Date: Wed, May 24, 2006 9:34 am
> To: sqlalchemy-users <sqlalchemy-users@lists.sourceforge.net>
> 
> I just read the article, very interesting.  Since current postgres
> drivers are affected I wonder how vulnerable psycopg or better yet
> psycopg2 would be.  I am going to post the question to the psycopg
> group to see what turns up.  Michael, does sqlalchemy use psycopg 1 or
> 2 (I have both installed)?
> Jose
> 
> 
> > -------- Original Message --------
> > Subject: Re: [Sqlalchemy-users] Postgres injection attack
> > From: David Geller <[EMAIL PROTECTED]>
> > Date: Wed, May 24, 2006 9:12 am
> > To: Michael Bayer <[EMAIL PROTECTED]>
> > Cc: sqlalchemy-users <sqlalchemy-users@lists.sourceforge.net>
> >
> > Hmmmm. Wondering if there is a similar problem for MySQL. Also, is this
> > a problem only for unicode, or does it affect things like utf-8?
> >
> > Thanks,
> > David
> >
> > Michael Bayer wrote:
> > > just saw this today and thought it was interesting....a postgres
> > > injection attack that *only* bind parameters protects against:
> > >
> > >     http://www.newsforge.com/article.pl?sid=06/05/23/2141246
> > >
> > >
> > > -------------------------------------------------------
> > > All the advantages of Linux Managed Hosting--Without the Cost and Risk!
> > > Fully trained technicians. The highest number of Red Hat certifications in
> > > the hosting industry. Fanatical Support. Click to learn more
> > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
> > > _______________________________________________
> > > Sqlalchemy-users mailing list
> > > Sqlalchemy-users@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users
> > >
> >
> >
> 
> 
> 



