Home > mailing lists

Re: How to convert escaped text column - force E prefix - Mailing list pgsql-general

From	Pavel Stehule
Subject	Re: How to convert escaped text column - force E prefix
Date	January 7, 2021 15:14:29
Msg-id	CAFj8pRAN+GTJH1XjsKH3eYxxmoLAsrF8UpOQw+76ihCC-oU5sA@mail.gmail.com Whole thread Raw
In response to	Re: How to convert escaped text column - force E prefix ("David G. Johnston" <david.g.johnston@gmail.com>)
List	pgsql-general

Tree view

čt 7. 1. 2021 v 15:50 odesílatel David G. Johnston <david.g.johnston@gmail.com> napsal:

On Thursday, January 7, 2021, Pavel Stehule <pavel.stehule@gmail.com> wrote:

The vulnerability is almost the same although it is a little bit harder to create attack strings.

Would making the function run as “security definer” and setting up a minimal permissions user/owner help with mitigation?

yes. It is a very different usage of security definer functions, but it can work.

Regards

Pavel

David J.

pgsql-general by date:

From: "David G. Johnston"
Date: 07 January 2021, 14:50:30
Subject: Re: How to convert escaped text column - force E prefix

From: "Markhof, Ingolf"
Date: 07 January 2021, 16:19:25
Subject: How to keep format of views source code as entered?

Re: How to convert escaped text column - force E prefix - Mailing list pgsql-general

Previous

Next