On May 23, 2006, at 11:02 PM, Michael Bayer wrote:

just saw this today and thought it was interesting....a postgres injection attack that *only* bind parameters protects against:

        http://www.newsforge.com/article.pl?sid=06/05/23/2141246

it looks as if only bind parameters currently protect against this, and the patch just rejects invalid entries that aren't supplied using placeholders






| - - - - - - - - - - - - - - - - - - - -
| RoadSound.com / Indie-Rock.net
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - -






-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Sqlalchemy-users mailing list
Sqlalchemy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users

Reply via email to