Oops.. You are right.. hm... what would you recommend in this case? Is it possible to make some kind of protection at the web2py level?
Should I just apply this patch always locally for every new version of web2py? :)

On Sep 30, 3:14 pm, mdipierro <[email protected]> wrote:
> Your app is vulnerable to SQL injections. Anybody can get in. period.
>
> On Sep 30, 5:30 am, Oleg <[email protected]> wrote:
>
> > Much older :) My client has PostgreSQL 7.4. They have there some
> > sensitive pharma-data and don't wanna
> > migrate to a new one in the next few years.. :( :(
>
> > What kind of vulnerability do you mean? What would you recommend in
> > this case?
>
> > Thank you
>
> > On Sep 30, 2:38 am, mdipierro <[email protected]> wrote:
>
> > > Which postgresql version do you have? If you don't have this parameter
> > > you probably have 8.1 or older. That causes a major security
> > > vulnerability with web2py.
>
> > > On Sep 29, 4:44 pm, Oleg Butovich <[email protected]> wrote:
>
> > > > subj. with error:
> > > > RuntimeError: unrecognized configuration parameter
> > > > "standard_conforming_strings"
> > > > (tried 5 times)
>
> > > > I propose to set standard_conforming_strings only if it is defined.. :)
>
> > > > See attached patch
>
> > > > legacy_postgres.patch

