PostgreSQL serious security flaw

Filed in archive Security by prashanth on June 01, 2006

PostgreSQL users have been put in a potentially sticky situation by a serious security flaw made public this week. The flaw allows SQL injection attacks and affects all versions of PostgreSQL other than the fixed versions released this week. However, PostgreSQL developers admit that the fix will break many users' applications.

"Six PostgreSQL programmers worked for four weeks to come up with a method to fix the vulnerability without affecting production applications," said core developer Josh Berkus in documentation published to explain the complex bug. "This was the best we could do - it leaves most users' applications untouched."

Those using Far Eastern multi-byte encodings such as SJIS, BIG5, GBK, GB18030 and UHC are out of luck, however, and will need to rework their applications for them to work after applying the patch. Specifically, they will need to remove any nonstandard string escaping mechanisms, such as the popular "backslash-escape", or at least modify them to use SQL-standard escaping, according to Berkus. He admitted the modifications would be "painful" for many users.
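As an added illustration (not code from this post, from Berkus or from PostgreSQL), the Python below compares SQL-standard quote doubling with the byte-wise backslash escaping users are asked to drop, against a simplified SJIS-aware literal scanner; the scanner, its `validate` switch and the sample inputs are constructed for this example and only model the behaviour described above.

```python
# Added illustration, not code from the post or from PostgreSQL. Byte-wise
# "backslash-escape" of quotes can be undone when the server lexes the literal
# as a multi-byte encoding such as SJIS; SQL-standard quote doubling cannot.
# Lead/trail ranges are the real Shift_JIS ones; the scanner is a model only.
SJIS_LEAD = set(range(0x81, 0xA0)) | set(range(0xE0, 0xFD))
SJIS_TRAIL = set(range(0x40, 0x7F)) | set(range(0x80, 0xFD))

def escape_std(raw: bytes) -> bytes:
    """SQL-standard escaping: double every single quote."""
    return b"'" + raw.replace(b"'", b"''") + b"'"

def escape_backslash(raw: bytes) -> bytes:
    """Non-standard escaping: a backslash before each quote and backslash."""
    return b"'" + raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'") + b"'"

def literal_end(buf: bytes, validate: bool) -> int:
    """Index just past the closing quote of the literal at buf[0]. validate=True
    rejects a lead byte with a bad trail byte (as a patched server does)."""
    i = 1
    while i < len(buf):
        b = buf[i]
        if b in SJIS_LEAD:                        # two-byte character
            if validate and (i + 1 >= len(buf) or buf[i + 1] not in SJIS_TRAIL):
                raise ValueError("invalid multibyte sequence")
            i += 2                                # trail byte is part of the char
        elif b == 0x5C:                           # backslash escapes next byte
            i += 2
        elif b == 0x27 and buf[i + 1:i + 2] == b"'":  # doubled quote stays inside
            i += 2
        elif b == 0x27:                           # closing quote
            return i + 1
        else:
            i += 1
    raise ValueError("unterminated literal")

def classify(raw: bytes, escape, validate: bool = True) -> str:
    """'intact': escaped value is exactly one literal; 'leaks': the literal
    closes early and the rest becomes SQL; 'rejected': the lexer raised."""
    escaped = escape(raw)
    try:
        return "intact" if literal_end(escaped, validate) == len(escaped) else "leaks"
    except ValueError:
        return "rejected"

# Constructed inputs: plain data, and a lone SJIS lead byte before a quote.
for raw in (b"O'Brien", b"\x95'x"):
    for esc in (escape_std, escape_backslash):
        print(raw, esc.__name__, classify(raw, esc))
```

With a validating server the quote-doubled value is rejected outright while the backslash-escaped one closes early, because 0x95 0x5C is a complete SJIS character that absorbs the escaping backslash.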

Source: 1

Update: Josh Berkus left a comment to this post suggesting that people read the FAQ about the security fix set up here so that they know exactly what changes they need to make and whether they are in danger.

Prashanth Rai
