shibboleth-dev - ODBC Store: makeSafeSQL
Subject: Shibboleth Developers
List archive
- From: giacomo tenaglia <>
- To:
- Subject: ODBC Store: makeSafeSQL
- Date: Tue, 26 Feb 2008 11:30:40 +0100
Hi,
I'm still testing ODBC store (and looking for best practices in using
serialization with Oracle), and I've had a problem with a user that has
a quote char into his REMOTE_USER:
2008-02-26 08:59:54 ERROR XMLTooling.StorageService [363]: error searching
for (t=texts, c=NameID, k=remoteuserwith'aquote)
2008-02-26 08:59:54 ERROR XMLTooling.StorageService [363]: ODBC Error:
HY000:1:1756:[Oracle][ODBC][Ora]ORA-01756: quoted string not properly
terminated
2008-02-26 08:59:54 ERROR Shibboleth.SessionCache [363]: error storing back
mapping of NameID for logout: ODBC StorageService search failed.
What I expect from makeSafeSQL() is to escape quotes, so maybe line 241
of odbc-store.cpp should be:
if (*src=='\'') *s++ = '\\';
instead of:
if (*src=='\'') *s++ = '\'';
The log refers to unescaped string, so the double quote is not present.
Ciao,
giacomo
--
giacomo tenaglia
Technical Student at CERN IT/DES-SIS
CNR Biblioteca d'Area di Bologna - http://biblio.bo.cnr.it
Phone +41 76 5003376 -
sip:
- ODBC Store: makeSafeSQL, giacomo tenaglia, 02/26/2008
- RE: ODBC Store: makeSafeSQL, Scott Cantor, 02/26/2008
- RE: ODBC Store: makeSafeSQL, Scott Cantor, 02/26/2008
- <Possible follow-up(s)>
- Re: ODBC Store: makeSafeSQL, giacomo tenaglia, 02/27/2008
Archive powered by MHonArc 2.6.16.