Re: question about security hole CVE-2006-2313 and UTF-8 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: question about security hole CVE-2006-2313 and UTF-8
Date
Msg-id 14708.1148918469@sss.pgh.pa.us
In response to question about security hole CVE-2006-2313 and UTF-8  ("Albe Laurenz" <all@adv.magwien.gv.at>)
List pgsql-hackers

"Albe Laurenz" <all@adv.magwien.gv.at> writes:
> It seems to me that UTF-8 databases are safe.

IIRC we determined that using UTF8 *on both the client and server sides*
is safe.  You can get burnt with combinations such as server_encoding =
UTF8 and client_encoding = SJIS (exposing PQescapeString's naivete),
or with client_encoding = UTF8 and server_encoding = anything else
(exposing the server's weak validity checking during conversion).
        regards, tom lane

