Thread: pgsql.com problem.
I emailed info@pgsql.com, cc'ed scrappy@hub.org about a suspected SQL injection problem somewhere on the site more than 3 weeks ago. No response till now, behaviour still seems the same. Any idea how I should go about this? e.g. correct contacts to use, or it's not a actually problem - the user authorization/db is configured securely so even though different SQL statements can be specified and executed, they won't be able to alter data (I haven't tried to alter data). Regards, Link.
On Thu, 2003-01-30 at 14:12, Lincoln Yeoh wrote: > I emailed info@pgsql.com, cc'ed scrappy@hub.org about a suspected SQL > injection problem somewhere on the site more than 3 weeks ago. No response > till now, behaviour still seems the same. > > Any idea how I should go about this? I'm assuming the above sentence means "I still haven't gotten a response" not "I hadn't received a response until now". Your contacts above should have worked, though perhaps they got lost in the shuffle. If you want to contact me offline, I can look into it for you and rattle any cages if need be. Robert Treat
Hrmm? I don't recall receiving this, but if you wish to re-email me, please do ... On Fri, 31 Jan 2003, Lincoln Yeoh wrote: > I emailed info@pgsql.com, cc'ed scrappy@hub.org about a suspected SQL > injection problem somewhere on the site more than 3 weeks ago. No response > till now, behaviour still seems the same. > > Any idea how I should go about this? > > e.g. correct contacts to use, or it's not a actually problem - the user > authorization/db is configured securely so even though different SQL > statements can be specified and executed, they won't be able to alter data > (I haven't tried to alter data). > > Regards, > Link. > > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) >