Re: Embedded SQL vulnerability

On Saturday 01 September 2001 12:26, Doug McNaught wrote:
>
> A patch did go in just recently, but didn't make it into 7.1.3.
>
> You can always do the escaping yourself--the patch just makes the
> escape call available in the library; it doesn't automatically fix
> your code.

Agreed, but if it were in a library that I am linking already, then I don't
need to either have a library of  my own or add code to 'escape' to each
programme.

In the interim, I have simply added the code to mod_auth_pgsql

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Glen and Rosanne Eustace,
GodZone Internet Services, a division of AGRE Enterprises Ltd.,
P.O. Box 8020, Palmerston North, New Zealand 5301
Ph/Fax: +64 6 357 8168, Mob: +64 21 424 015