On May 23, 2006, at 11:02 PM, Michael Bayer wrote:
> just saw this today and thought it was interesting....a postgres
> injection attack that *only* bind parameters protects against:
> http://www.newsforge.com/article.pl?sid=06/05/23/2141246

it looks as if only bind parameters currently protect against this,
and the patch just rejects invalid entries that aren't supplied using
placeholders.
| - - - - - - - - - - - - - - - - - - - -
| RoadSound.com / Indie-Rock.net
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - -
_______________________________________________
Sqlalchemy-users mailing list
Sqlalchemy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users