Yarko has discovered a major potential vulnerability in web2py with
PostgreSQL if the latter is misconfigured.
If you are using PostgreSQL, make sure you have the setting
standard_conforming_strings(on);
(I believe this is the default in 8.3 but not in earlier versions).
Otherwise your apps may be vulnerable to SQL injections.
Since the current trunk, the above flag is set automatically by
web2py.
Massimo
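
Why the setting matters, as an added example (not code from web2py or PostgreSQL): a simplified model of how the server reads an ordinary '...' literal with standard_conforming_strings on and off. It assumes a hypothetical escaper, quote_by_doubling, that only doubles single quotes; the sample values in the test are constructed.

```python
# Added example: simplified model of PostgreSQL's reading of a '...' literal.
# quote_by_doubling is a hypothetical escaper, assumed for illustration.

def quote_by_doubling(value):
    """Wrap value in single quotes, escaping only embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def read_literal(sql, standard_conforming_strings):
    """Read one literal at the start of sql; return (value, remainder).

    With the setting on, a backslash is an ordinary character.
    With it off, a backslash escapes the next character (simplified here:
    the real server also maps sequences such as \\n and \\t).
    """
    if not sql.startswith("'"):
        raise ValueError("not a string literal")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and not standard_conforming_strings:
            if i + 1 >= len(sql):
                raise ValueError("unterminated string literal")
            out.append(sql[i + 1])      # escaped character taken literally
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":  # doubled quote = one quote
                out.append("'")
                i += 2
            else:                        # closing quote
                return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


def literal_is_contained(value, standard_conforming_strings):
    """True if the escaped value parses back to itself with nothing left over."""
    try:
        parsed, rest = read_literal(quote_by_doubling(value),
                                    standard_conforming_strings)
    except ValueError:
        return False
    return parsed == value and rest == ""
```

With the setting off, a backslash directly before a quote shifts where the literal ends, so text the application meant as data is read as SQL.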