On Wed, Jan 09, 2002 at 02:16:19AM -0800, David D.W. Dowey wrote: > I'm willing to take the libpam-pgsql if you are willing to assign it to me. Go for it. If you want to take ownership of the code, I'd be very happy as well :)
There is a security problem with the way it accesses the database, in that single quotes are not escaped. A discussion of the problem, and a suggested fix, is here: http://cert.uni-stuttgart.de/advisories/apache_auth.php I myself don't have the time to look into this... Regards, Leon.
