- 07 8月, 2003 6 次提交
-
-
由 Barry Lind 提交于
vulnerability. This fix completely removes the ability (hack) of being able to bind a list of values in an in clause. It was demonstrated that by allowing that functionality you open up the possibility for certain types of sql injection attacks. The previous fix attempts all focused on preventing the insertion of additional sql statements (the semi-colon problem: xxx; any new sql statement here). But that still left the ability to change the where clause on the current statement or perform a subselect which can circumvent applicaiton security logic and/or allow you to call any stored function. Modified Files: jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
-
由 Bruce Momjian 提交于
-
由 Barry Lind 提交于
he supplied a few months ago, but didn't get around to docing until now. And he also added some doc for calling stored functions in general from jdbc that was missing. Modified Files: sgml/jdbc.sgml
-
由 Bruce Momjian 提交于
> o Add ALTER DATABASE ... OWNER TO newowner
-
由 Tom Lane 提交于
macros in some platforms' sys/socket.h.
-
由 Tom Lane 提交于
spinlock. Per recent pghackers discussion.
-
- 06 8月, 2003 8 次提交
-
-
由 Tom Lane 提交于
something wider than int on that platform. Also, remove bogus assumption that sizeof("INT_MAX") has something to do with the maximum number of digits in an int.
-
由 Teodor Sigaev 提交于
-
由 Teodor Sigaev 提交于
-
由 Teodor Sigaev 提交于
-
由 Barry Lind 提交于
when a cursor wasn't being used. Modified Files: jdbc/org/postgresql/jdbc1/AbstractJdbc1ResultSet.java
-
由 Bruce Momjian 提交于
-
由 Tom Lane 提交于
writing one more value into return arrays than will fit. This is potentially a stack smash, though I do not think it is a problem in current uses of the routine, since a failure return causes elog anyway.
-
由 Tom Lane 提交于
in HAVE_INT64_TIMESTAMP cases, including two potential stack smashes when more than six fractional digits were supplied. Per bug report from Philipp Reisner.
-
- 05 8月, 2003 24 次提交
-
-
由 Bruce Momjian 提交于
Prevent interval from supressing ':00' seconds display
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
由 PostgreSQL Daemon 提交于
can't mix and match .gz and .bz2 in here ... won't build
-
由 PostgreSQL Daemon 提交于
seeing if building bz2 distributions actually works ...
-
由 PostgreSQL Daemon 提交于
remove src/data from target list
-
由 Bruce Momjian 提交于
-
由 Tom Lane 提交于
so it won't miss 'em again.
-
由 PostgreSQL Daemon 提交于
change tag to 7.4beta1 and update the Copyright to 2003 Guess what folks? We are now in Beta!!
-
由 Tom Lane 提交于
-
由 Bruce Momjian 提交于
-
由 Tom Lane 提交于
from Garrick Staples.
-
由 Tom Lane 提交于
object files do not get built with -fpic.
-
由 Tom Lane 提交于
-
由 Tom Lane 提交于
-
由 Tom Lane 提交于
Joe Conway
-
由 Tom Lane 提交于
and send() very well at all; and in any case we can't use retval==0 for EOF due to race conditions. Make the same fixes in the backend as are required in libpq.
-
由 Tom Lane 提交于
-
由 Bruce Momjian 提交于
-
- 04 8月, 2003 2 次提交