[Asterisk-Dev] problem with cdr_odbc

brian brian at bkw.org
Wed May 19 15:22:56 MST 2004


You can't.  I won't allow you to submit something to cvs that will bypass
the prepare.  If you bypass prepare you open yourself up for an SQL
injection attack.  The prepare escapes all the nasty stuff. Let me see if I
can find the proper solution for CVS.  The FreeTDS driver needs to be fixed.

All it takes is someone with some time to call your system with some jacked
up callerid name and BOOM they can delete your whole database (in theory).

bkw

> -----Original Message-----
> From: asterisk-dev-admin at lists.digium.com [mailto:asterisk-dev-
> admin at lists.digium.com] On Behalf Of Pablo Endres
> Sent: Wednesday, May 19, 2004 3:30 PM
> To: asterisk-dev at lists.digium.com
> Subject: RE: [Asterisk-Dev] problem with cdr_odbc
>
> Okay, I fixed the problem with cdr_odbc.  Here's what I did:
>
> I found that there was a problem with the freetds driver to
> MSSQL2000 with the datetime and the prepared statements.
>
> So I rewrote the code using SQLExecDirect in its place.
>
> Now how do I submit the code to the CVS?  Maybe just make a patch in the
> makefile... so when you compile for freetds you can use this
> version.
>
> Just an idea.
>
> Please let me know
>
> Pablo
>
>
> --
> Pablo Endres <epablo at comvoz.com>
> ComVoz Comunications
>
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
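The attack Brian describes, as an added example that is not part of this thread and not Asterisk's cdr_odbc code. It assumes Python's sqlite3 standing in for the ODBC/FreeTDS/MSSQL stack, `executescript()` playing the role of SQLExecDirect against a server that accepts multi-statement batches (SQL Server does; sqlite3's plain `execute()` refuses a second statement), and a reduced cdr table with made-up call records. The caller-ID name is the only attacker-controlled field used here.

```python
"""Added example (not Asterisk code): why cdr_odbc must keep the prepared statement.

sqlite3 stands in for ODBC/FreeTDS/MSSQL. cursor.executescript() plays the role of
SQLExecDirect sent to a server that runs statement batches, as SQL Server does.
The cdr table is a reduced subset of the real one.
"""
import sqlite3

SCHEMA = """
CREATE TABLE cdr (
    calldate TEXT,
    clid     TEXT,
    src      TEXT,
    dst      TEXT,
    duration INTEGER
);
"""

# Constructed sample CDR; the second record reuses it with a hostile caller-ID name.
NORMAL_CDR = {"calldate": "2004-05-19 15:22:56", "clid": "Pablo Endres",
              "src": "1001", "dst": "2002", "duration": 42}

# Constructed attacker caller-ID name: closes the VALUES list, appends a DELETE,
# and comments out whatever the original statement had left.
MALICIOUS_CLID = "x', '0', '0', 0); DELETE FROM cdr; --"


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_unsafe(conn, cdr):
    """SQLExecDirect style: field values are pasted into the SQL text, so whatever
    the caller sends in the CLID header becomes part of the statement (an ordinary
    name with an apostrophe already breaks this; a crafted one rewrites it)."""
    sql = ("INSERT INTO cdr (calldate, clid, src, dst, duration) "
           "VALUES ('%s', '%s', '%s', '%s', %d)"
           % (cdr["calldate"], cdr["clid"], cdr["src"], cdr["dst"], cdr["duration"]))
    conn.executescript(sql)  # batch-capable driver: the injected DELETE runs too
    conn.commit()


def insert_safe(conn, cdr):
    """SQLPrepare/SQLBindParameter style: the statement text is fixed and the values
    are bound, so the CLID is stored as data no matter what it contains."""
    conn.execute(
        "INSERT INTO cdr (calldate, clid, src, dst, duration) VALUES (?, ?, ?, ?, ?)",
        (cdr["calldate"], cdr["clid"], cdr["src"], cdr["dst"], cdr["duration"]),
    )
    conn.commit()


def run_scenario(insert):
    """Log a normal call, then a call from the attacker.
    Returns (row_count, list_of_clid_values) as seen in the table afterwards."""
    conn = fresh_db()
    insert(conn, NORMAL_CDR)
    insert(conn, dict(NORMAL_CDR, clid=MALICIOUS_CLID))
    rows = conn.execute("SELECT clid FROM cdr ORDER BY rowid").fetchall()
    conn.close()
    return len(rows), [r[0] for r in rows]


if __name__ == "__main__":
    print("SQLExecDirect with pasted values:", run_scenario(insert_unsafe))
    print("prepared statement with bound values:", run_scenario(insert_safe))
```

With the pasted-values path the table ends up empty: the hostile caller-ID name inserts a junk row and then deletes everything. With the bound-parameter path both records are kept and the hostile name sits in the clid column as a literal string. Bound parameters are not escaped text; they travel separately from the statement and are never parsed as SQL, which is why the prepare path is the one worth fixing for FreeTDS rather than replacing.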