You app is vulnerable to SQL injections. Anybody can get in. period.
On Sep 30, 5:30 am, Oleg <[email protected]> wrote: > Much older :) My client has PostgreSQL 7.4. They have there some > sensitive pharma-data and don't wanna > migrate to new one in next few years.. :( :( > > What kind of vulnerability do you mean? What would you recommend in > this case? > > Thank you > > On Sep 30, 2:38 am, mdipierro <[email protected]> wrote: > > > Which postgresql version to you have? If you don't have this parameter > > you probably have 8.1 or older. That causes a major security > > vulnerability with web2py. > > > On Sep 29, 4:44 pm, Oleg Butovich <[email protected]> wrote: > > > > subj. with error: > > > RuntimeError: unrecognized configuration parameter > > > "standard_conforming_strings" > > > (tried 5 times) > > > > I propose set standard_conforming_strings only if it defined.. :) > > > > See attached patch > > > > legacy_postgres.patch > > > 1KViewDownload > >
