On Tue, 8 Oct 2002, Sir Mordred The Traitor wrote:
> Check out this link, if you need something to laugh at:
> http://www.postgresql.org/idocs/index.php?1'
>
> Keeping in mind, that there are bunch of overflows in PostgreSQL(really?),
> it is
> very dangerous i guess. Right?
I'm not sure what list this really fits onto so I've left as hackers.
The old argument about data validation and whose job it is. However, is there a
reason why all CGI parameters aren't scanned and rejected if they contain
any punctuation. I was going to say if they contain anything non alphanumeric
but then I'm not sure about internationalisation and that test.
--
Nigel J. Andrews