Re: a vulnerability in PostgreSQL
From | Tatsuo Ishii |
---|---|
Subject | Re: a vulnerability in PostgreSQL |
Date | |
Msg-id | 20020504085631U.t-ishii@sra.co.jp |
In reply to | Re: a vulnerability in PostgreSQL (Tatsuo Ishii <t-ishii@sra.co.jp>) |
Responses | Re: a vulnerability in PostgreSQL |
List | pgsql-hackers |

> > Oops. How about:
> >
> > foo'; DROP TABLE t1; -- foo
> >
> > The last ' gets removed, leaving -- (81a2).
> >
> > So you get:
> > select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2)
>
> This surely works:-< Ok, you gave me an enough example that shows even
> 7.1.x and 7.0.x are not safe.
>
> Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be
> posted soon.

Included are the patches for 7.0.3 and 6.5.3 I promised.

BTW,

>I hope you won't make this standard practice. Because there are quite
>significant differences that make upgrading from 7.1.x to 7.2 troublesome.
>I can't name them offhand but they've appeared on the list from time to time.

I tend to agree with the above, but I am not sure making backport patches is core's job. I have been providing patches for PostgreSQL for years in Japan, and people there seem to welcome that kind of service. However, supporting previous versions is not a trivial job and I don't want core members to spend their valuable time on that kind of job, since making backport patches could be done by anyone who is familiar with PostgreSQL.

--
Tatsuo Ishii