Whole Network CIO Enterprise Soft... Help Desk And S... Outsourcing SaaS Security Virtualization

« Technology Negotiations -... | Main | Oracle's rivals - Open So... »

PostgreSQL serious security flaw

Filed in archive Security by prashanth on June 1, 2006

PostgreSQL users have been put in a potentially sticky situation by a serious security flaw made public this week.The flaw allows for SQL injection attacks, and affects all versions of PostgreSQL, aside from fixed versions released this week. However, the fix, PostgreSQL developers admit, will break many users' applications.

"Six PostgreSQL programmers worked for four weeks to come up with a method to fix the vulnerability without affecting production applications," said core developer Josh Berkus in documentation published to explain the complex bug. "This was the best we could do - it leaves most users' applications untouched."

Those using Far Eastern multi-byte encodings such as SJIS, BIG5, GBK, GB18030 and UHC, are out of luck, however, and will need to rework their applications for them to work after applying the patch. Specifically, they will need to remove any nonstandard string links escaping mechanisms, such as the popular "backslash-escape", or at least modify them to use SQL-standard escaping, according to Berkus.He admitted the modifications would be "painful" for many users.

Source: 1

Update: Josh Berkus left a comment to this post suggesting that people read the FAQ about the security fix set up here so that they know exactly what changes they need to make and whether they are in danger.

Prashanth Rai

Permalink: PostgreSQL serious security flaw
Tags: Security PostgreSQL

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/23383

Bookmark this entry:

Addthis

Ask

Blinklist

del.icio.us

Digg

Fark

Facebook

Google

Lycos

Ma.gnolia

Mr Wong

Netscape

Netvousz

Newsvine

StumbleUpon

Slashdot

Tailrank

Technorati

Wink

Yahoo

Related Entries:

Major update to the Rational Unified Process - 20 October 2005

Windows Wi-Fi Security Flaw Discovered - 16 January 2006

2005 Open Source Summit..Gartner - 20 January 2006

Nissan goes with Hyperion - Consolidation Management Of Glob... - 24 June 2006

Researcher Highlights Blackberry Security Flaw - 07 August 2006

A Quick Summary of the Broadcom Wi-Fi Security Issue - 14 November 2006

Critical AOL Security Flaw Exposed - 01 October 2007

GEMoney Announces Security Breach Affecting Over 600,000 Con... - 21 January 2008

Vote for PostgreSQL serious security flaw:

Currently 2.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 2.00 out of 2 vote(s) cast.

Add your response to PostgreSQL serious security flaw: Response from: Josh Berkus (06/01/06 4:00pm) Prashanth, please link people to the FAQ about the security fix: http://www.postgresql.org/docs/techdocs.48 so that they know exactly what changes they need to make and whether they are in danger. Thanks.
Name: *	Email: (will never be shown)*	URL:

(* marked fields are required)
Notify me if more comments appear?	Subscribe to The CIO Weblog newsletter? (Newsletters are sent out weekly).	Remember me
Security Code: * (Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)


We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

RSS	\| See all blog subscribe options
Google	\| What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter
Grouptivity

Use the search to look for other interesting posts

Contributors (Last 90 days)
Scott Wilson (43)
This site has 1505 entries and is powered by Creative Weblogging since December 2004.
Do you want to start or edit an existing blog for us and get paid? More info.
Do you want to advertise on this blog? We have great ideas!
Do you have tips for us? Send them!

Advertise with us
Learn more about our advertising options or email advertising - at - creative-weblogging.com or give us a call at +1 (650) 331 4900.

Marketplace

Online MBA Degrees

Testimonials
'I don't really think you should keep testimonials from the last guy here, do you?'

Other blogs in the same channel in the Creative Weblogging Network

Technology
BlogWealth

HackITLinux

Googlestack

Java Entrepreneur

Nanotechbuzz

On Storage

P2P File Sharing

The VoIP Weblog

Disclaimer
Some of the contents of this site are protected Creative Weblogging Inc. 2004-2009.

Tell a friend about PostgreSQL serious security flaw
Recipient email:*	Your email:*

(* Both email addresses are required for sending this article. They will never be shown or used for any marketing purposes)
Please enter a message which will be shown together with the article:

Security Code: (Please help us to sort out spam.)

PostgreSQL serious security flaw

Filed in archive Security by prashanth on June 1, 2006

Bookmark this entry:

Related Entries:

Vote for PostgreSQL serious security flaw:

Add your response to PostgreSQL serious security flaw:

Tell a friend about PostgreSQL serious security flaw

Categories

Archives

Our Editors recommend

Contributors (Last 90 days)

Advertise with us

Marketplace

Most popular

Testimonials

Recent Comments

Other blogs in the same channel in the Creative Weblogging Network

Technology

Disclaimer

Find other popular posts from our other blogs:

BlogWealth

HackITLinux

Nanotechbuzz

Java Entrepreneur

On Storage

The VoIP Weblog