- 27 Jun, 2006 1 commit
-
-
Bruce Momjian authored
Christopher Kings-Lynne
-
- 23 May, 2006 1 commit
-
-
Bruce Momjian authored
the thread-safety status of the library.
-
- 21 May, 2006 1 commit
-
-
Tom Lane authored
and standard_conforming_strings. The encoding changes are needed for proper escaping in multibyte encodings, as per the SQL-injection vulnerabilities noted in CVE-2006-2313 and CVE-2006-2314. Concurrent fixes are being applied to the server to ensure that it rejects queries that may have been corrupted by attempted SQL injection, but this merely guarantees that unpatched clients will fail rather than allow injection. An actual fix requires changing the client-side code. While at it we have also fixed these routines to understand about standard_conforming_strings, so that the upcoming changeover to SQL-spec string syntax can be somewhat transparent to client code. Since the existing API of PQescapeString and PQescapeBytea provides no way to inform them which settings are in use, these functions are now deprecated in favor of new functions PQescapeStringConn and PQescapeByteaConn. The new functions take the PGconn to which the string will be sent as an additional parameter, and look inside the connection structure to determine what to do. So as to provide some functionality for clients using the old functions, libpq stores the latest encoding and standard_conforming_strings values received from the backend in static variables, and the old functions consult these variables. This will work reliably in clients using only one Postgres connection at a time, or even multiple connections if they all use the same encoding and string syntax settings; which should cover many practical scenarios. Clients that use homebrew escaping methods, such as PHP's addslashes() function or even hardwired regexp substitution, will require extra effort to fix :-(. It is strongly recommended that such code be replaced by use of PQescapeStringConn/PQescapeByteaConn if at all feasible.
-
- 17 May, 2006 1 commit
-
-
Bruce Momjian authored
well as a blank pghost.
-
- 06 May, 2006 1 commit
-
-
Bruce Momjian authored
-
- 23 Apr, 2006 1 commit
-
-
Bruce Momjian authored
compatibility for release 7.2 and earlier. I have not altered any mentions of release 7.3 or later. The release notes were not modified, so the changes are still documented, just not in the main docs.
-
- 10 Mar, 2006 1 commit
-
-
Bruce Momjian authored
-
- 03 Mar, 2006 1 commit
-
-
Tom Lane authored
and tighten up its sanity checking of the tag as a safety measure. Volkan Yazici.
-
- 01 Mar, 2006 1 commit
-
-
Bruce Momjian authored
-
- 28 Feb, 2006 2 commits
-
-
Bruce Momjian authored
-
Bruce Momjian authored
-
- 26 Dec, 2005 1 commit
-
-
Peter Eisentraut authored
-
- 23 Dec, 2005 1 commit
-
-
Tom Lane authored
modify the previous \password patch to use it instead of depending on a not-officially-exported function. Per discussion.
-
- 04 Nov, 2005 1 commit
-
-
Peter Eisentraut authored
-
- 27 Oct, 2005 1 commit
-
-
Bruce Momjian authored
-
- 24 Oct, 2005 1 commit
-
-
Bruce Momjian authored
PQregisterThreadLock(). I also removed the crypt() mention in the libpq threading section and added a single sentence in the client-auth manual page under crypt(). Crypt authentication is so old now that a separate paragraph about it seemed unwise. I also added a comment about our use of locking around pqGetpwuid().
-
- 20 Oct, 2005 2 commits
-
-
Tom Lane authored
a parameter in binary format. Also, add a TIP explaining how to use casts in the query text to avoid needing to specify parameter types by OID. Also fix bogus spacing --- apparently somebody expanded the tabs in the example programs to 8 spaces instead of 4 when transposing them into SGML.
-
Neil Conway authored
-
- 17 Oct, 2005 1 commit
-
-
Tom Lane authored
exported routines of ip.c, md5.c, and fe-auth.c to begin with 'pg_'. Also get rid of the vestigial fe_setauthsvc/fe_getauthsvc routines altogether.
-
- 13 Oct, 2005 2 commits
-
-
Bruce Momjian authored
-
Bruce Momjian authored
applications that use FILE pointers.
-
- 25 Sep, 2005 2 commits
-
-
Bruce Momjian authored
-
Bruce Momjian authored
DLL compiles to not match the application.
-
- 14 Aug, 2005 1 commit
-
-
Peter Eisentraut authored
-
- 27 Jun, 2005 1 commit
-
-
Neil Conway authored
some security issues, and upstream has declared it "dead". Patch from Magnus Hagander, minor editorialization from Neil Conway.
-
- 26 Jun, 2005 1 commit
-
-
Tom Lane authored
with main, avoid using a SQL-defined SQLSTATE for what is most definitely not a SQL-compatible error condition, fix documentation omissions, adhere to message style guidelines, don't use two GUC_REPORT variables when one is sufficient. Nothing done about pg_dump issues.
-
- 21 Jun, 2005 1 commit
-
-
Tom Lane authored
unlike template0 and template1 does not have any special status in terms of backend functionality. However, all external utilities such as createuser and createdb now connect to "postgres" instead of template1, and the documentation is changed to encourage people to use "postgres" instead of template1 as a play area. This should fix some longstanding gotchas involving unexpected propagation of database objects by createdb (when you used template1 without understanding the implications), as well as ameliorating the problem that CREATE DATABASE is unhappy if anyone else is connected to template1. Patch by Dave Page, minor editing by Tom Lane. All per recent pghackers discussions.
-
- 12 Jun, 2005 1 commit
-
-
Neil Conway authored
patch adds missing checks to the call sites of malloc(), strdup(), PQmakeEmptyPGresult(), pqResultAlloc(), and pqResultStrdup(), and updates the documentation. Per original report from Volkan Yazici about PQmakeEmptyPGresult() not checking for malloc() failure.
-
- 10 Jun, 2005 1 commit
-
-
Bruce Momjian authored
file. Andrew Dunstan
-
- 09 Jun, 2005 1 commit
-
-
Tom Lane authored
Per Volkan Yazici.
-
- 04 Jun, 2005 1 commit
-
-
Bruce Momjian authored
Allow kerberos name and username case sensitivity to be specified from postgresql.conf.

---------------------------------------------------------------------------

Here's an updated version of the patch, with the following changes:

1) No longer uses "service name" as "application version". It's instead hardcoded as "postgres". It could be argued that this part should be backpatched to 8.0, but it doesn't make a big difference until you can start changing it with GUC / connection parameters. This change only affects kerberos 5, not 4.
2) Now downcases kerberos usernames when the client is running on win32.
3) Adds guc option for "krb_caseins_users" to make the server ignore case mismatch which is required by some KDCs such as Active Directory. Off by default, per discussion with Tom. This change only affects kerberos 5, not 4.
4) Updated so it doesn't conflict with the rendezvous/bonjour patch already in ;-)

Magnus Hagander
-
- 30 May, 2005 1 commit
-
-
Bruce Momjian authored
-
- 26 Feb, 2005 2 commits
-
-
Bruce Momjian authored
! authentication. Use of this environment variable is not ! recommended for security reasons (some operating systems ! allow non-root users to see process environment variables via ! <application>ps</>); instead consider using the ! <filename>~/.pgpass</> file (see <xref linkend="libpq-pgpass">).
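Review bot: the replacement sentence that points readers to <filename>~/.pgpass</> as the safer alternative says nothing, in these lines, about protecting that file. It holds the same password in plain text, so the advice only improves on the environment variable if other users cannot read it. Add a short clause here saying the file must not be readable by other users, or confirm that the section behind linkend="libpq-pgpass" states it so the cross-reference carries the requirement.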
-
Bruce Momjian authored
-
- 14 Jan, 2005 1 commit
-
-
Bruce Momjian authored
-
- 08 Jan, 2005 1 commit
-
-
Tom Lane authored
-
- 06 Jan, 2005 2 commits
- 28 Dec, 2004 2 commits