- 07 Aug, 2003 5 commits
-
-
Bruce Momjian authored
output C files to proper compile again.
-
Bruce Momjian authored
apply. Joe Conway
-
Bruce Momjian authored
compiles.
-
Barry Lind authored
vulnerability. This fix completely removes the ability (hack) of being able to bind a list of values in an in clause. It was demonstrated that by allowing that functionality you open up the possibility for certain types of sql injection attacks. The previous fix attempts all focused on preventing the insertion of additional sql statements (the semi-colon problem: xxx; any new sql statement here). But that still left the ability to change the where clause on the current statement or perform a subselect which can circumvent applicaiton security logic and/or allow you to call any stored function. Modified Files: jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
-
Bruce Momjian authored
-
- 06 Aug, 2003 10 commits
-
-
Barry Lind authored
he supplied a few months ago, but didn't get around to docing until now. And he also added some doc for calling stored functions in general from jdbc that was missing. Modified Files: sgml/jdbc.sgml
-
Bruce Momjian authored
> o Add ALTER DATABASE ... OWNER TO newowner
-
Tom Lane authored
macros in some platforms' sys/socket.h.
-
Tom Lane authored
spinlock. Per recent pghackers discussion.
-
Tom Lane authored
something wider than int on that platform. Also, remove bogus assumption that sizeof("INT_MAX") has something to do with the maximum number of digits in an int. -
Teodor Sigaev authored
-
Teodor Sigaev authored
-
Teodor Sigaev authored
-
Barry Lind authored
when a cursor wasn't being used. Modified Files: jdbc/org/postgresql/jdbc1/AbstractJdbc1ResultSet.java
-
Bruce Momjian authored
-
- 05 Aug, 2003 14 commits
-
-
Tom Lane authored
writing one more value into return arrays than will fit. This is potentially a stack smash, though I do not think it is a problem in current uses of the routine, since a failure return causes elog anyway.
-
Tom Lane authored
in HAVE_INT64_TIMESTAMP cases, including two potential stack smashes when more than six fractional digits were supplied. Per bug report from Philipp Reisner.
-
Bruce Momjian authored
Prevent interval from supressing ':00' seconds display
-
Bruce Momjian authored
-
Bruce Momjian authored
-
Bruce Momjian authored
-
Bruce Momjian authored
-
Bruce Momjian authored
-
Bruce Momjian authored
-
Bruce Momjian authored
-
PostgreSQL Daemon authored
can't mix and match .gz and .bz2 in here ... won't build
-
PostgreSQL Daemon authored
seeing if building bz2 distributions actually works ...
-
PostgreSQL Daemon authored
remove src/data from target list
-
Bruce Momjian authored
-
- 04 Aug, 2003 11 commits
-
-
Tom Lane authored
so it won't miss 'em again.
-
PostgreSQL Daemon authored
change tag to 7.4beta1 and update the Copyright to 2003 Guess what folks? We are now in Beta!!
-
Tom Lane authored
-
Bruce Momjian authored
-
Tom Lane authored
from Garrick Staples.
-
Tom Lane authored
object files do not get built with -fpic.
-
Tom Lane authored
-
Tom Lane authored
-
Tom Lane authored
Joe Conway
-
Tom Lane authored
and send() very well at all; and in any case we can't use retval==0 for EOF due to race conditions. Make the same fixes in the backend as are required in libpq.
-
Tom Lane authored
-
