Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 31 Mar 2012 17:41:15 -0600
On 03/31/2012 10:20 AM, Steffen Dettmer wrote:
> when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL
> version 9.1 database, escaping of JDBC statement parameters does
> not work and SQL injection attacks are possible.
I believe this is covered in the list archives.
Kurt Seifried Red Hat Security Response Team (SRT)