Fri Jul 6 11:40:27 PDT 2007
- Previous message: [Slony1-commit] slony1-engine/src/slon runtime_config.c
- Next message: [Slony1-commit] slony1-engine/doc/adminguide slonyupgrade.sgml
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Update of /home/cvsd/slony1/slony1-engine In directory main.slony.info:/tmp/cvs-serv16187 Modified Files: TODO Log Message: Per Vivek Khera, note in TODO that we shouldn't email around SQL scripts representing test results; this is an injection attack waiting to happen... Index: TODO =================================================================== RCS file: /home/cvsd/slony1/slony1-engine/TODO,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** TODO 5 Jul 2007 19:50:01 -0000 1.4 --- TODO 6 Jul 2007 18:40:25 -0000 1.5 *************** *** 54,57 **** --- 54,69 ---- - Clone Node - use pg_dump/PITR to populate a new subscriber node + - test scripts should generate output that can be readily aggregated. + + Initial prototype has them generating SQL output; unfortunately, + if we accept this from arbitrary sources, this is the very picture + of an SQL injection attack. Before doing that, we'll need to + turn it into some suitable tabular/delimited format that can be + parsed into SQL. + + When defining what data there should be, it is useful to use SQL for + now. But this needs NOT to be the form transmitted "across the + wire." + Wishful Thinking ----------------------------
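Review bot: In the added TODO item (new lines 56-68), "turn it into some suitable tabular/delimited format that can be parsed into SQL" leaves the injection risk open, because it does not say how the receiving side turns the parsed fields back into SQL. If the aggregator builds INSERT statements by concatenating the received fields, the delimited format carries the same attack as the emailed SQL scripts. Suggest the item state that received values are loaded strictly as data, for example through COPY or parameterized INSERTs into a fixed set of columns, with each field checked for type and length and malformed rows rejected. Separately, the closing sentence "this needs NOT to be the form transmitted" can be read as "need not be"; "must not be the form transmitted" would make the requirement unambiguous.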
More information about the Slony1-commit mailing list