Martin Pitt <[EMAIL PROTECTED]> writes:
> Does anyone know DBMirror.pl? The proposed fix seems wrong since it
> just reverts the behavior to the old quote escaping style.

I don't know it, but the function being complained of seems exactly the sort of ad-hoc escaping logic that the security update warns you should get rid of. (I fear we failed to notice it because it was in Perl not C :-() I think it should be rewritten from the ground up. Does the Pg Perl module expose PQescapeString by any chance? Relying on that would be far better than letting this code live.

regards, tom lane