| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Possible problem with PQescapeStringConn and standard_conforming_strings |
| Date: | 2006-10-26 23:46:04 |
| Message-ID: | 27152.1161906364@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Jeff Davis <pgsql(at)j-davis(dot)com> writes:
> You can set standard_conforming_strings in postgresql.conf at any time
> and reload the config, changing the value for all active connections.
> That means that if a client opens a connection, and you SIGHUP postgres,
> and then the client issues a PQescapeStringConn, the client will get an
> incorrectly-escaped string.
The window for this is pretty narrow, because PQescapeStringConn will
use the latest-delivered parameter status, but it's certainly true that
randomly changing standard_conforming_strings wouldn't be a bright idea.
Probably a documentation note recommending against changing it via
SIGHUP would be sufficient.
> This could be a security vulnerability. Webservers which hold open
> connections for long periods of time could be incorrectly escaping
> values for long periods of time
Not if they're using PQescapeStringConn. Handmade escaping code
that thinks it needn't recheck the status could be at risk ...
but realistically, handmade escaping code is likely already broken
by the mere existence of standard_conforming_strings.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Broersma Jr | 2006-10-26 23:58:14 | Re: pg_dumpall failing from possible corrupted shared memory |
| Previous Message | Jeff Davis | 2006-10-26 23:21:24 | Re: Possible problem with PQescapeStringConn and |