't want the
error clogging up my logs. But I don't want to suppress the
error as the query is business-critical and I need to know
if anything goes wrong.
I'd welcome suggestions as to how I can get this query to
run without throwing a date/time error when the result set
2337
etc...
Any pointers would be much appreciated!
------
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154
---(end of broadcast)---
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
ple of
hours of agony, I suspect.
------
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154
ness of moving the queries into
the database against SQL injection attack would seem to depend on the
query engine internals. Will using the SQL functions provide the
robust protection I am looking for?
--
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154
-
ww.net-security.org/article.php?id=571
But so far as I can see, Peter's suggestion should provide a workable
robust solution. So thanks again!
--
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154
s easier to adopt a
particular style of programming ("any query using untrusted data MUST
be a parameterised prepared statement") than to analyse each and every
untrusted parameter for attack signatures? Or am I missing something
here?
--
Geoff Caplan
Vario Software
(+44) 1
omatically)
Are you saying that "@bar" is part of the Postgres query syntax? If it
is, I can't find it in the 7.4 docs. What do you mean by "the
parameterised formats"? I would appreciate a clarification and the URL
of the relevant documentation.
Thanks
-
n PHP, Tcl etc?
For example, with SQL Server, it appears you can slip in a
single-quote using encodings that are cast to ASCII #39 by the server.
Also, what about pg functions like convert()? Could they be used to
smuggle in a breakout character?
Looked at like this, perhaps robust escaping is
Tom,
Belated thanks for the info (I've been away from my desk).
Very helpful.
------
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154
ecord-set?
There will probably be 6-8 SELECTs & UPDATEs for each INSERT.
I appreciate that I could set up some tests, but I am under the hammer
time-wise. Some rule-of-thumb advice from the list would be most
welcome.
------
Geoff Caplan
Vario Software Ltd
(+44) 121
e the sequence to cache some
>>> number of entries so that they are pre-allocated and stored in memory
>>> for each session (e.g. - for each connection) for quicker access. See
>>> the documentation for "create sequence" for more details.
ut problems.
- I re-installed phpPgAdmin from scratch.
So, advice would be very welcome - it's a great app and I am missing
it!
Geoff Caplan
Caplan Associates
PS I did post this to the phpPgAdmin specialist list but without
reply. Sorry for the cross posting, but I am very keen to get this
fixe
ration file,
and it shows up ok if I "echo $PGDATA" in the shell. But none of the
postgres utilities such as "initdb" seem to be able to find it.
What don't I understand? I have already checked the docs/GreatBridge
manual/faqs/archive, so I would very much appreciate some help.
Geoff Caplan
running, but pg_ctl can't find it
- postmaster has started with the default datapath and is ignoring
$PGDATA
I get the same result if I launch automatically during startup.
Can anyone please help me make some sense of this? I am losing the
will to live...
Geoff C
top quality docs require specific skills and
resources which it is perhaps unreasonable to expect from an open source
project. It will probably take a commercial effort from GreatBridge or a
book to improve things. GreatBridge have made a start. I hope they continue
to test and develop their docs