[GRASS-dev] winGRASS 6.4.svn: Attribute manager not opening
Hamish
hamish_b at yahoo.com
Mon Sep 10 17:23:48 PDT 2012
Anna wrote:
> This doesn't seem related. I explained the problem in the
> mail above but I can try to explain it more clearly if needed.
sorry, I reread you post and it was clear enough. the confusion
was all mine.
> Here is the ticket:
> http://trac.osgeo.org/grass/ticket/1633
it seems a bit strange that the contents of a varchar string
are able to break the GUI. maybe in this case it's possible to
work around it, but in general seems like a deeper problem,
vulnerable to sql injection style issues and the current parsing
method may need to be revisited.
http://en.wikipedia.org/wiki/Sql_injection
(not that grass is in any way safe from buffer overflows and
sql or shell script injections, but we should try to fix these
where we notice them since they make the code more robust)
Hamish
More information about the grass-dev
mailing list