Re: inactivity, and orphaned packages
On Wed, Jan 09, 2002 at 02:16:19AM -0800, David D.W. Dowey wrote:
> I'm willing to take the libpam-pgsql if you are willing to assign it to me.
Go for it. If you want to take ownership of the code, I'd be very happy
as well :)
There is a security problem with the way it accesses the database, in that
single quotes are not escaped.
A discussion of the problem, and a suggested fix, is here:
http://cert.uni-stuttgart.de/advisories/apache_auth.php
I myself don't have the time to look into this...
Regards,
Leon.
Reply to: