On Mon, Mar 16, 2009 at 5:22 PM, Heikki Linnakangas
<heikki.linnakangas@enterprisedb.com> wrote:
Hmm, I wonder if you could do something malicious with it. Like, run a query along the lines of "SELECT $$ (HOST=10.0.0.123) $$, connect()... " to divert the connection to another server.
Not any more malicious than a connection string in and of itself. It's only used as a hierarchical name-value pair string, nothing is executed from it.
--
Jonah H. Harris, Senior DBA
myYearbook.com