Re: lower() and unaccent() not leakproof
| From | Daniel Gustafsson |
|---|---|
| Subject | Re: lower() and unaccent() not leakproof |
| Date | |
| Msg-id | 2322C77D-2B8B-4C7E-965F-C4F20F21F8EE@yesql.se |
| In reply to | Re: lower() and unaccent() not leakproof (Peter Eisentraut <peter.eisentraut@enterprisedb.com>) |
| List | pgsql-general |

> On 26 Aug 2021, at 16:59, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:
> On 26.08.21 10:40, Daniel Gustafsson wrote:
>> Wouldn’t the difference in possible error messages in upper/lower be able to
>> leak whether the input is ascii or wide chars, and/or the collation?
>
> Yeah, but there aren't any error messages that relate to the argument string, if you look through the code. There isn't any "could not find lower case equivalent of %s" or anything like that.

Correct. My reading of "It reveals no information about its arguments other than by its return value" was that error messages indicating different code-paths based on argument structure weren't allowed. That might have been a bit too lawyery interpretation though.

--
Daniel Gustafsson https://vmware.com/