Menu
▾
▴
Re: [Sqlgrey-users] RELEASE: 1.4.0, security bugfix
|
From: HaJo S. <ha...@ha...> - 2004-12-13 11:47:16
|
On Sat, 2004-12-11 at 02:27, Lionel Bouton wrote: > Hi, > > 1.4.0 is released on sourceforge. There was a window left for SQL > injection that was reported this morning, it is fixed in this version. Appears good. A few thoughts though: - Shouldn't sqlgrey be placed in /usr/sbin rather than /usr/bin? - Ever thought of a "live update" of the whitelists rather than supplying them with the source/rpm. Ie sqlgrey in say weekly intervals loading them from sqlgrey.sf.net? - Is /var/sqlgrey really necessary? Wouldn't it be enough to start sqlgrey in /tmp? Tnx, HaJo -- HaJo Schatz <ha...@ha...> http://www.HaJo.Net PGP-Key: http://www.hajo.net/hajonet/keys/pgpkey_hajo.txt |
