Just reread the article (actually, if I had read Michael's post better) and it states that the use of bind parameters protects against the attack. Still going to ask the psycopg group to see if a new beta is on the way or not.
Jose
> -------- Original Message --------
> Subject: RE: [Sqlalchemy-users] Postgres injection attack
> From: [EMAIL PROTECTED]
> Date: Wed, May 24, 2006 9:34 am
> To: sqlalchemy-users <sqlalchemy-users@lists.sourceforge.net>
>
> I just read the article, very interesting. Since current postgres
> drivers are affected I wonder how vulnerable psycopg or better yet
> psycopg2 would be. I am going to post the question to the psycopg
> group to see what turns up. Michael, does sqlalchemy use psycopg 1 or
> 2 (I have both installed)?
> Jose
>
> > -------- Original Message --------
> > Subject: Re: [Sqlalchemy-users] Postgres injection attack
> > From: David Geller <[EMAIL PROTECTED]>
> > Date: Wed, May 24, 2006 9:12 am
> > To: Michael Bayer <[EMAIL PROTECTED]>
> > Cc: sqlalchemy-users <sqlalchemy-users@lists.sourceforge.net>
> >
> > Hmmmm. Wondering if there is a similar problem for MySQL. Also, is this
> > a problem only for unicode, or does it affect things like utf-8?
> >
> > Thanks,
> > David
> >
> > Michael Bayer wrote:
> > > just saw this today and thought it was interesting....a postgres
> > > injection attack that *only* bind parameters protect against:
> > >
> > > http://www.newsforge.com/article.pl?sid=06/05/23/2141246
> > >
> > > _______________________________________________
> > > Sqlalchemy-users mailing list
> > > Sqlalchemy-users@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users