Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Possible problem with PQescapeStringConn and standard_conforming_strings
- From: Jeff Davis <pgsql(at)j-davis(dot)com>
- To: pgsql-general(at)postgresql(dot)org
- Subject: Possible problem with PQescapeStringConn and standard_conforming_strings
- Date: Thu, 26 Oct 2006 16:19:38 -0700
You can set standard_conforming_strings in postgresql.conf at any time and reload the config, changing the value for all active connections. That means that if a client opens a connection, and you SIGHUP postgres, and then the client issues a PQescapeStringConn, the client will get an incorrectly-escaped string. This could be a security vulnerability. Webservers which hold open connections for long periods of time could be incorrectly escaping values for long periods of time -- between the SIGHUP that changed standard_conforming_strings, and the time the connection is closed. Should we change standard_conforming_strings so that it only takes effect on new connections (or server restart, if we must)? Are there other similar settings that affect PQescapeStringConn? Regards, Jeff Davis
- Follow-Ups:
- Re: Possible problem with PQescapeStringConn and standard_conforming_strings
- From: Tom Lane
- Re: Possible problem with PQescapeStringConn and
- From: Jeff Davis
- Re: Possible problem with PQescapeStringConn and standard_conforming_strings
- Prev by Date: Re: Compiling ELF 64-bit on Solaris
- Next by Date: Re: Possible problem with PQescapeStringConn and
- Previous by thread: schema 8.1.5
- Next by thread: Re: Possible problem with PQescapeStringConn and
- Indexes: