PostgreSQL security releases
[Security] Posted May 23, 2006 17:24 UTC (Tue) by corbet
The PostgreSQL team has put out a set of "urgent updates" closing a newly-discovered set of SQL injection issues. Details about the problem can be found on the technical information page; in short: multi-byte encodings can be used to defeat normal string sanitizing techniques. The update fixes one problem related to invalid multi-byte characters, but punts on another by simply disallowing the old, unsafe technique of escaping single quotes with a backslash.
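The following is an added illustration, not code from the article or from the PostgreSQL project. It shows why byte-wise backslash escaping fails under a multi-byte encoding while quote doubling does not. Assumptions: Shift_JIS stands in for the client encoding (the article names none), the function names are hypothetical, and the scanner is a simplified model of an encoding-aware server lexer.

```python
# Constructed example: encoding-unaware backslash escaping vs. quote doubling.

def escape_backslash(raw: bytes) -> bytes:
    """Legacy escaping, applied byte by byte: prefix ' and \\ with a backslash."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x5C):      # single quote or backslash byte
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def escape_doubling(raw: bytes) -> bytes:
    """SQL-standard escaping: double every single quote, touch nothing else."""
    return raw.replace(b"'", b"''")

def literal_is_contained(body: bytes, encoding: str, backslash_escapes: bool) -> bool:
    """Scan an escaped literal body character by character, as a server that
    honours the encoding would, and report whether it stays inside one literal.
    Invalid byte sequences raise UnicodeDecodeError and are not modelled here."""
    text = body.decode(encoding)
    i = 0
    while i < len(text):
        ch = text[i]
        if backslash_escapes and ch == "\\":
            if i + 1 >= len(text):
                return False       # trailing backslash would swallow the closing quote
            i += 2                 # backslash plus the character it escapes
        elif ch == "'":
            if text[i + 1:i + 2] != "'":
                return False       # lone quote terminates the literal early
            i += 2                 # doubled quote is one literal quote
        else:
            i += 1
    return True

# Constructed input: one Shift_JIS character whose second byte is 0x5C,
# followed by a single quote.
RAW = b"\x95\x5c\x27"

if __name__ == "__main__":
    for name, fn, bs in (("backslash", escape_backslash, True),
                         ("doubling", escape_doubling, False)):
        body = fn(RAW)
        print(name, body.hex(" "), literal_is_contained(body, "shift_jis", bs))
```

The byte-wise escaper treats the trailing 0x5C of the two-byte character as a backslash and "escapes" it, which leaves the backslash meant for the quote paired with the wrong byte; doubling never depends on backslash bytes, so the literal stays closed.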
