Re: How to convert escaped text column - force E prefix

2021-01-07 Thread Pavel Stehule
čt 7. 1. 2021 v 15:50 odesílatel David G. Johnston < david.g.johns...@gmail.com> napsal: > On Thursday, January 7, 2021, Pavel Stehule > wrote: > >> >> >> The vulnerability is almost the same although it is a little bit harder >> to create attack strings. >> > > Would making the function run as “

Re: How to convert escaped text column - force E prefix

2021-01-07 Thread David G. Johnston
On Thursday, January 7, 2021, Pavel Stehule wrote: > > > The vulnerability is almost the same although it is a little bit harder to > create attack strings. > Would making the function run as “security definer” and setting up a minimal permissions user/owner help with mitigation? David J.

Re: How to convert escaped text column - force E prefix

2021-01-07 Thread Pavel Stehule
čt 7. 1. 2021 v 12:13 odesílatel Durumdara napsal: > Dear Members! > > > > Pavel Stehule ezt írta (időpont: 2021. jan. 6., > Sze, 12:03): > >> >> >> >> it cannot work, because \ will be replaced by \\ >> >> postgres=# CREATE OR REPLACE FUNCTION public.unistr(text) >> RETURNS text >> LANGUAGE

Re: How to convert escaped text column - force E prefix

2021-01-07 Thread Durumdara
Dear Members! Pavel Stehule ezt írta (időpont: 2021. jan. 6., Sze, 12:03): > > > > it cannot work, because \ will be replaced by \\ > > postgres=# CREATE OR REPLACE FUNCTION public.unistr(text) > RETURNS text > LANGUAGE plpgsql > IMMUTABLE STRICT > AS $function$ > declare r text; > begin

Re: How to convert escaped text column - force E prefix

2021-01-06 Thread Pavel Stehule
st 6. 1. 2021 v 10:54 odesílatel Gavan Schneider napsal: > On 6 Jan 2021, at 19:43, Pavel Stehule wrote: > > Currently there are not any functions that you need. You need to write > your > own. > > CREATE OR REPLACE FUNCTION public.unistr(text) > RETURNS text > LANGUAGE plpgsql > IMMUTABLE

Re: How to convert escaped text column - force E prefix

2021-01-06 Thread Gavan Schneider
On 6 Jan 2021, at 19:43, Pavel Stehule wrote: Currently there are not any functions that you need. You need to write your own. CREATE OR REPLACE FUNCTION public.unistr(text) RETURNS text LANGUAGE plpgsql IMMUTABLE STRICT AS $function$ de

Re: How to convert escaped text column - force E prefix

2021-01-06 Thread Pavel Stehule
Hi st 6. 1. 2021 v 8:55 odesílatel Durumdara napsal: > Dear Members! > > A web developer stores JSON like strings in a text column. > > With E prefix we can get the real text: > > Select E'Az ad\u00f3kulcsonk\u00e9nti' > > Hungarian: "Az adókulcsonkénti" (ISO-8859-2) > > How to get the same resu

How to convert escaped text column - force E prefix

2021-01-05 Thread Durumdara
Dear Members! A web developer stores JSON like strings in a text column. With E prefix we can get the real text: Select E'Az ad\u00f3kulcsonk\u00e9nti' Hungarian: "Az adókulcsonkénti" (ISO-8859-2) How to get the same result from a table column? select WhatAFunction( ATable.JSONLikeTextColumn)