Justin Clift <justin@postgresql.org> writes:
> - A PostgreSQL 7.2.1 server can be crashed if it gets passed certain
> date values which would be accepted by standard "front end" parsing?
> So, a web application layer can request a date from a user, do standard
> integrity checks (like looking for weird characters and formatting
> hacks) on the date given, then use the date as part of a SQL query, and
> PostgreSQL will die?
It depends on the checking. If you just check that the date consists
of digits (and a few additional characters), it's possible to crash
the server.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
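
The difference between the two kinds of checking discussed in this thread, as an added example that is not part of the original messages: a character-class filter accepts strings that are not dates at all, while a strict check bounds the length, fixes the format and validates the calendar date before anything reaches the database. The function names, the ISO `YYYY-MM-DD` policy and the sample inputs are assumptions made for illustration; the samples are constructed and are not claimed to be the values that affect the server.

```python
import re
from datetime import date, datetime
from typing import List, Optional, Tuple

# The weak check described in the reply: digits plus a few extra characters.
CHARSET_ONLY = re.compile(r"[0-9\-/.: ]+")

# Assumed application policy: exactly YYYY-MM-DD, ASCII digits only.
ISO_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")

def charset_check(value: str) -> bool:
    """Accepts anything built from the allowed characters, of any length."""
    return CHARSET_ONLY.fullmatch(value) is not None

def parse_date_strict(value: str) -> Optional[date]:
    """Return a real date object, or None if the input is not a valid date."""
    # Bound the length and shape first, so oversized or oddly formed
    # strings never reach a more permissive parser further down the stack.
    if len(value) != 10 or ISO_DATE.fullmatch(value) is None:
        return None
    try:
        # strptime rejects impossible dates (month 13, 30 February, year 0).
        return datetime.strptime(value, "%Y-%m-%d").date()
    except ValueError:
        return None

# Constructed sample inputs; every one of them passes the character filter.
SAMPLES = [
    "2002-05-14",     # well-formed date
    "2002-13-45",     # right shape, impossible month and day
    "2002-02-30",     # right shape, impossible calendar date
    "0000-00-00",     # right shape, all zeros
    "9" * 64,         # digits only, far longer than any date
    "2002-05-14 ",    # trailing space
    "--::..",         # separators only
]

def audit(samples: List[str]) -> List[Tuple[str, bool, Optional[date]]]:
    """Compare both checks on each sample."""
    return [(s, charset_check(s), parse_date_strict(s)) for s in samples]

if __name__ == "__main__":
    for value, weak_ok, parsed in audit(SAMPLES):
        print(f"{value!r:70} charset={weak_ok!s:5} strict={parsed}")
```

The `date` object returned by `parse_date_strict` should be passed to the database driver as a bound parameter, so the string the user typed is never forwarded to the server's own date parser.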