Package: libapache2-mod-auth-pgsql
Version: 2.0.3-6.1
Severity: important
File: auth_pgsql

Dear Maintainer,

file:///usr/share/doc/libapache2-mod-auth-pgsql/mod_auth_pgsql.html

user is a reserved word in SQL; trying to use it with mod_auth_pgsql
produces invalid queries.

http://www.postgresql.org/docs/8.4/static/sql-keywords-appendix.html

As user resolves to the current database user, this may produce unexpected
results. The SQL is syntactically correct but semantically incorrect
(it will appear to work when the only row in the auth table matches the
database username).

I suggest substituting username instead in the examples:

    Auth_PG_uid_field username

Else quote it correctly, with double quotes for PostgreSQL identifiers and
single quotes for Apache to retain the double quotes:

    Auth_PG_uid_field '"user"'

but that is a potential foot-gun if the operator forgets to use double
quotes:

    update valid_users set password=md5('foo') where user='fred';

This is syntactically valid SQL, but semantically incorrect: it has no
effect unless I am database user fred; if I am, it updates every row in
valid_user with the new password.

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ.utf8, LC_CTYPE=en_NZ.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libapache2-mod-auth-pgsql depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.10-10
ii  libc6                               2.19-18
ii  libpq5                              9.4.1-1

libapache2-mod-auth-pgsql recommends no packages.

libapache2-mod-auth-pgsql suggests no packages.

-- no debconf information
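
The behaviour described in the report, as an added example that is not part of the original bug report or of the package documentation. It assumes a scratch PostgreSQL database and psql; the rows are constructed, and the final query is an added audit check built on pg_get_keywords().

```sql
-- Added example with constructed data; everything is rolled back at the end.
BEGIN;

CREATE TABLE valid_users (
    "user"   text PRIMARY KEY,  -- must be quoted: user is a reserved word
    password text NOT NULL
);
INSERT INTO valid_users VALUES
    ('fred',  md5('old-fred')),
    ('alice', md5('old-alice'));

-- 1. Side by side: the quoted column and the unquoted keyword.
--    Unquoted user is the role name of the current session, so the
--    unquoted predicate has the same value on every row of the table.
SELECT "user"            AS column_value,
       user              AS unquoted_user,
       (user = 'fred')   AS unquoted_predicate,
       ("user" = 'fred') AS quoted_predicate
FROM valid_users;

-- 2. The statement from the report. Compare the row count psql reports
--    here with the one for the quoted form below: this one touches either
--    no row or every row, depending only on who is connected.
UPDATE valid_users SET password = md5('foo') WHERE user = 'fred';

-- Quoted form: the predicate is evaluated against the column.
UPDATE valid_users SET password = md5('foo') WHERE "user" = 'fred';

-- 3. Audit check: list application columns whose names are fully
--    reserved keywords (catcode 'R') and therefore depend on every
--    query, config file and ad-hoc statement quoting them correctly.
SELECT c.table_schema, c.table_name, c.column_name
FROM information_schema.columns AS c
JOIN pg_get_keywords() AS k
  ON k.word = c.column_name::text
WHERE k.catcode = 'R'
  AND c.table_schema NOT IN ('pg_catalog', 'information_schema')
ORDER BY c.table_schema, c.table_name, c.column_name;

ROLLBACK;
```

Running the script once as a role named fred and once as any other role shows both outcomes of the unquoted UPDATE.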