403Webshell
Server IP : 103.119.228.120  /  Your IP : 18.227.52.248
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /usr/share/doc/postgresql-9.2.24/html/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /usr/share/doc/postgresql-9.2.24/html/release-8-1-4.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Release 8.1.4</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 9.2.24 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="Release Notes"
HREF="release.html"><LINK
REL="PREVIOUS"
TITLE="Release 8.1.5"
HREF="release-8-1-5.html"><LINK
REL="NEXT"
TITLE="Release 8.1.3"
HREF="release-8-1-3.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2017-11-06T22:43:11"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
><A
HREF="index.html"
>PostgreSQL 9.2.24 Documentation</A
></TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
TITLE="Release 8.1.5"
HREF="release-8-1-5.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="release.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Appendix E. Release Notes</TD
><TD
WIDTH="20%"
ALIGN="right"
VALIGN="top"
><A
TITLE="Release 8.1.3"
HREF="release-8-1-3.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="RELEASE-8-1-4"
>E.165. Release 8.1.4</A
></H1
><DIV
CLASS="FORMALPARA"
><P
><B
>Release date: </B
>2006-05-23</P
></DIV
><P
>   This release contains a variety of fixes from 8.1.3,
   including patches for extremely serious security issues.
   For information about new features in the 8.1 major release, see
   <A
HREF="release-8-1.html"
>Section E.169</A
>.
  </P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN136615"
>E.165.1. Migration to Version 8.1.4</A
></H2
><P
>    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see <A
HREF="release-8-1-2.html"
>Section E.167</A
>.
   </P
><P
>    Full security against the SQL-injection attacks described in
    CVE-2006-2313 and CVE-2006-2314 might require changes in application
    code.  If you have applications that embed untrustworthy strings
    into SQL commands, you should examine them as soon as possible to
    ensure that they are using recommended escaping techniques.  In
    most cases, applications should be using subroutines provided by
    libraries or drivers (such as <SPAN
CLASS="APPLICATION"
>libpq</SPAN
>'s
    <CODE
CLASS="FUNCTION"
>PQescapeStringConn()</CODE
>) to perform string escaping,
    rather than relying on <I
CLASS="FOREIGNPHRASE"
>ad hoc</I
> code to do it.
   </P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN136623"
>E.165.2. Changes</A
></H2
><P
></P
><UL
><LI
><P
>Change the server to reject invalidly-encoded multibyte
characters in all cases (Tatsuo, Tom)</P
><P
>While <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> has been moving in this direction for
some time, the checks are now applied uniformly to all encodings and all
textual input, and are now always errors not merely warnings.  This change
defends against SQL-injection attacks of the type described in CVE-2006-2313.</P
></LI
><LI
><P
>Reject unsafe uses of <TT
CLASS="LITERAL"
>\'</TT
> in string literals</P
><P
>As a server-side defense against SQL-injection attacks of the type
described in CVE-2006-2314, the server now only accepts <TT
CLASS="LITERAL"
>''</TT
> and not
<TT
CLASS="LITERAL"
>\'</TT
> as a representation of ASCII single quote in SQL string
literals.  By default, <TT
CLASS="LITERAL"
>\'</TT
> is rejected only when
<TT
CLASS="VARNAME"
>client_encoding</TT
> is set to a client-only encoding (SJIS, BIG5, GBK,
GB18030, or UHC), which is the scenario in which SQL injection is possible.
A new configuration parameter <TT
CLASS="VARNAME"
>backslash_quote</TT
> is available to
adjust this behavior when needed.  Note that full security against
CVE-2006-2314 might require client-side changes; the purpose of
<TT
CLASS="VARNAME"
>backslash_quote</TT
> is in part to make it obvious that insecure
clients are insecure.</P
></LI
><LI
><P
>Modify <SPAN
CLASS="APPLICATION"
>libpq</SPAN
>'s string-escaping routines to be
aware of encoding considerations and
<TT
CLASS="VARNAME"
>standard_conforming_strings</TT
></P
><P
>This fixes <SPAN
CLASS="APPLICATION"
>libpq</SPAN
>-using applications for the security
issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs
them against the planned changeover to SQL-standard string literal syntax.
Applications that use multiple <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> connections
concurrently should migrate to <CODE
CLASS="FUNCTION"
>PQescapeStringConn()</CODE
> and
<CODE
CLASS="FUNCTION"
>PQescapeByteaConn()</CODE
> to ensure that escaping is done correctly
for the settings in use in each database connection.  Applications that
do string escaping <SPAN
CLASS="QUOTE"
>"by hand"</SPAN
> should be modified to rely on library
routines instead.</P
></LI
><LI
><P
>Fix weak key selection in pgcrypto (Marko Kreen)</P
><P
>Errors in fortuna PRNG reseeding logic could cause a predictable
session key to be selected by <CODE
CLASS="FUNCTION"
>pgp_sym_encrypt()</CODE
> in some cases.
This only affects non-OpenSSL-using builds.</P
></LI
><LI
><P
>Fix some incorrect encoding conversion functions</P
><P
><CODE
CLASS="FUNCTION"
>win1251_to_iso</CODE
>, <CODE
CLASS="FUNCTION"
>win866_to_iso</CODE
>,
<CODE
CLASS="FUNCTION"
>euc_tw_to_big5</CODE
>, <CODE
CLASS="FUNCTION"
>euc_tw_to_mic</CODE
>,
<CODE
CLASS="FUNCTION"
>mic_to_euc_tw</CODE
> were all broken to varying
extents.</P
></LI
><LI
><P
>Clean up stray remaining uses of <TT
CLASS="LITERAL"
>\'</TT
> in strings
(Bruce, Jan)</P
></LI
><LI
><P
>Make autovacuum visible in <TT
CLASS="STRUCTNAME"
>pg_stat_activity</TT
>
(Alvaro)</P
></LI
><LI
><P
>Disable <TT
CLASS="LITERAL"
>full_page_writes</TT
> (Tom)</P
><P
>In certain cases, having <TT
CLASS="LITERAL"
>full_page_writes</TT
> off would cause
crash recovery to fail.  A proper fix will appear in 8.2; for now it's just
disabled.</P
></LI
><LI
><P
>Various planner fixes, particularly for bitmap index scans and
MIN/MAX optimization (Tom)</P
></LI
><LI
><P
>Fix incorrect optimization in merge join (Tom)</P
><P
>Outer joins could sometimes emit multiple copies of unmatched rows.</P
></LI
><LI
><P
>Fix crash from using and modifying a plpgsql function in the
same transaction</P
></LI
><LI
><P
>Fix WAL replay for case where a B-Tree index has been
truncated</P
></LI
><LI
><P
>Fix <TT
CLASS="LITERAL"
>SIMILAR TO</TT
> for patterns involving
<TT
CLASS="LITERAL"
>|</TT
> (Tom)</P
></LI
><LI
><P
>Fix <TT
CLASS="COMMAND"
>SELECT INTO</TT
> and <TT
CLASS="COMMAND"
>CREATE TABLE AS</TT
> to
create tables in the default tablespace, not the base directory (Kris
Jurka)</P
></LI
><LI
><P
>Fix server to use custom DH SSL parameters correctly (Michael
Fuhr)</P
></LI
><LI
><P
>Improve qsort performance (Dann Corbit)</P
><P
>Currently this code is only used on Solaris.</P
></LI
><LI
><P
>Fix for OS/X Bonjour on x86 systems (Ashley Clark)</P
></LI
><LI
><P
>Fix various minor memory leaks</P
></LI
><LI
><P
>Fix problem with password prompting on some Win32 systems
(Robert Kinberg)</P
></LI
><LI
><P
>Improve <SPAN
CLASS="APPLICATION"
>pg_dump</SPAN
>'s handling of default values
for domains</P
></LI
><LI
><P
>Fix <SPAN
CLASS="APPLICATION"
>pg_dumpall</SPAN
> to handle identically-named
users and groups reasonably (only possible when dumping from a pre-8.1 server)
(Tom)</P
><P
>The user and group will be merged into a single role with
<TT
CLASS="LITERAL"
>LOGIN</TT
> permission.  Formerly the merged role wouldn't have
<TT
CLASS="LITERAL"
>LOGIN</TT
> permission, making it unusable as a user.</P
></LI
><LI
><P
>Fix <SPAN
CLASS="APPLICATION"
>pg_restore</SPAN
> <TT
CLASS="LITERAL"
>-n</TT
> to work as
documented (Tom)</P
></LI
></UL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="release-8-1-5.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="release-8-1-3.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Release 8.1.5</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="release.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Release 8.1.3</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

Youez - 2016 - github.com/yon3zu
LinuXploit