Yarko has discovered a major potential vulnerability in web2py with
PostgreSQL if the latter is misconfigured.

If you are using PostgreSQL, make sure you have the setting

    SET standard_conforming_strings = on;

(I believe this is the default in 8.3 but not in earlier versions).

Otherwise your apps may be vulnerable to SQL injections.

Since the current trunk, the above flag is set automatically by
web2py.

Massimo
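
Why the setting matters, as an added example that is not part of the original post or of web2py's code: a simplified model of how PostgreSQL reads a string literal with `standard_conforming_strings` on and off, assuming a hypothetical escaper `quote_literal` that only doubles single quotes. All function names and the sample value are constructed for illustration.

```python
def quote_literal(value):
    # Hypothetical escaper (assumption): wrap in quotes, double embedded quotes.
    return "'" + value.replace("'", "''") + "'"


def read_literal(sql, standard_conforming_strings):
    """Scan one '...' literal at the start of sql; return (value, rest).

    Simplified model: '' is a quote in both modes; a backslash escapes the
    next character only when standard_conforming_strings is off (escapes
    such as \\n are not decoded here, the next character is taken as-is).
    """
    if not sql.startswith("'"):
        raise ValueError("expected a string literal")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and not standard_conforming_strings:
            if i + 1 >= len(sql):
                break  # dangling backslash: the literal never closes
            out.append(sql[i + 1])
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":   # doubled quote stays inside the literal
                out.append("'")
                i += 2
            else:                         # lone quote ends the literal
                return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


def survives_quoting(value, standard_conforming_strings):
    # True only if the quoted value parses back as exactly one literal.
    try:
        decoded, rest = read_literal(quote_literal(value),
                                     standard_conforming_strings)
    except ValueError:
        return False
    return decoded == value and rest == ""


if __name__ == "__main__":
    sample = "a\\' b"  # constructed input: a, backslash, quote, space, b
    for mode in (True, False):
        print("on " if mode else "off", survives_quoting(sample, mode),
              read_literal(quote_literal(sample), mode))
```

With the setting off, the backslash consumes the first of the doubled quotes, so the literal closes early and the remainder of the value is left over as SQL text; with it on, the value round-trips unchanged.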


