PostgreSQL 8.1.4 Released to Plug Injection Hole

PostgreSQL 8.1.4 Released to Plug Injection Hole 162

Posted by ScuttleMonkey on Tuesday May 23, 2006 @09:42PM from the good-little-dutch-boy dept.

alurkar writes to tell us that PostgreSQL released version 8.1.4 today in order to combat a security flaw allowing a SQL injection attack. From the article: "The vulnerability affects PostgreSQL servers exposed to untrusted input, such as input coming from Web forms, in conjunction with multi-byte encodings like (Shift-JIS (SJIS), 8-bit Unicode Transformation Format (UTF-8), 16-bit Unicode Transformation Format (UTF-16), and BIG5. In particular, Berkus says that applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes() and magic_quotes' are particularly unsafe. 'Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure.'"

PostgreSQL 8.1.4 Released to Plug Injection Hole

This discussion has been archived. No new comments can be posted.

Search 162 Comments Log In/Create an Account

Comments Filter:

Plug Injection Hole (Score:5, Funny)

by fudgefactor7 ( 581449 ) writes: on Tuesday May 23, 2006 @10:00PM (#15391099)

heh, heh, heh... I'll plug your injection hole, baby!

The jokes, they write themselves! (Score:4, Funny)

by Kha Na Set ( 976591 ) writes: <dankitymao.gmail@com> on Tuesday May 23, 2006 @10:16PM (#15391161)

Must....not....make....joke....about...injection hole...being plugged...

Damn, too late.

=\

Why is everybody still using this toy DB? (Score:2, Funny)

by Anonymous Coward writes: on Tuesday May 23, 2006 @10:21PM (#15391183)

That's why I prefer Postgre. Oh, wait...

Re:Josh Berkus (Score:2, Funny)

by SaDan ( 81097 ) writes: on Tuesday May 23, 2006 @10:44PM (#15391283) Homepage

"By the way, the dangling reference to a quote by one "Berkus" should be attributed to Josh Berkus." --Russ Nelson

Re:Josh Berkus (Score:3, Funny)

by LearnToSpell ( 694184 ) writes: on Wednesday May 24, 2006 @12:18AM (#15391645) Homepage

"'By the way, the dangling reference to a quote by one "Berkus" should be attributed to Josh Berkus.' --Russ Nelson" --SaDan

Re:Josh Berkus (Score:3, Funny)

by poot_rootbeer ( 188613 ) writes: on Wednesday May 24, 2006 @12:12PM (#15394937)

'"\'By the way, the dangling reference to a quote by one "Berkus" should be attributed to Josh Berkus.\' --Russ Nelson" --SaDan' --LearnToSpell

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

PostgreSQL 8.1.4 Released to Plug Injection Hole 162

PostgreSQL 8.1.4 Released to Plug Injection Hole More Login

PostgreSQL 8.1.4 Released to Plug Injection Hole

Plug Injection Hole (Score:5, Funny)

The jokes, they write themselves! (Score:4, Funny)

Why is everybody still using this toy DB? (Score:2, Funny)

Re:Josh Berkus (Score:2, Funny)

Re:Josh Berkus (Score:3, Funny)

Re:Josh Berkus (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot