Home > mailing lists

Re: Problem with accesing Oracle from plperlu functionwhen using remote pg client. - Mailing list pgsql-hackers

From	Jonah H. Harris
Subject	Re: Problem with accesing Oracle from plperlu functionwhen using remote pg client.
Date	March 16, 2009 21:25:47
Msg-id	36e682920903161425p50a78c55raa21e48c24f83049@mail.gmail.com Whole thread Raw
In response to	Re: Problem with accesing Oracle from plperlu functionwhen using remote pg client. (Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>)
List	pgsql-hackers

Tree view

On Mon, Mar 16, 2009 at 5:22 PM, Heikki Linnakangas <heikki.linnakangas@enterprisedb.com> wrote:

Hmm, I wonder if you could do something malicious with it. Like, run a query along the lines of "SELECT $$ (HOST=10.0.0.123) $$, connect()... " to divert the connection to another server.

Not any more malicious than a connection string in and of itself. It's only used as a hierarchical name-value pair string, nothing is executed from it.

--
Jonah H. Harris, Senior DBA
myYearbook.com

pgsql-hackers by date:

From: Heikki Linnakangas
Date: 16 March 2009, 21:23:12
Subject: Re: Problem with accesing Oracle from plperlu functionwhen using remote pg client.

From: Robert Haas
Date: 16 March 2009, 21:43:27
Subject: Re: small but useful patches for text search

Re: Problem with accesing Oracle from plperlu functionwhen using remote pg client. - Mailing list pgsql-hackers

Previous

Next