PostgreSQL 8.1.4 Released to Plug Injection Hole 162
alurkar writes to tell us that PostgreSQL released version 8.1.4 today in order to combat a security flaw allowing a SQL injection attack. From the article: "The vulnerability affects PostgreSQL servers exposed to untrusted input, such as input coming from Web forms, in conjunction with multi-byte encodings like (Shift-JIS (SJIS), 8-bit Unicode Transformation Format (UTF-8), 16-bit Unicode Transformation Format (UTF-16), and BIG5. In particular, Berkus says that applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. 'Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure.'"
Plug Injection Hole (Score:5, Funny)
The jokes, they write themselves! (Score:4, Funny)
Damn, too late.
=\
Why is everybody still using this toy DB? (Score:2, Funny)
Re:Josh Berkus (Score:2, Funny)
Re:Josh Berkus (Score:3, Funny)
Re:Josh Berkus (Score:3, Funny)