Home > mailing lists

Re: How to convert escaped text column - force E prefix - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: How to convert escaped text column - force E prefix
Date	January 7, 2021 14:50:30
Msg-id	CAKFQuwbds3P6DOh_KD2YfsW8sT-LRhjCtWit_H3SkgGofxTO_A@mail.gmail.com Whole thread Raw
In response to	Re: How to convert escaped text column - force E prefix (Pavel Stehule <pavel.stehule@gmail.com>)
Responses	Re: How to convert escaped text column - force E prefix
List	pgsql-general

On Thursday, January 7, 2021, Pavel Stehule <pavel.stehule@gmail.com> wrote:

The vulnerability is almost the same although it is a little bit harder to create attack strings.

Would making the function run as “security definer” and setting up a minimal permissions user/owner help with mitigation?

David J.

From: Paul Förster
Date: 07 January 2021, 14:08:31
Subject: Re: Using more than one LDAP?

From: Pavel Stehule
Date: 07 January 2021, 15:14:29
Subject: Re: How to convert escaped text column - force E prefix