apr-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: apr_dbd_freetds
Date Wed, 22 Aug 2012 18:18:35 GMT
On 22 Aug 2012, at 7:18 PM, Nick Kew wrote:

> PR 53666 tells us apr_dbd_freetds doesn't work with Sybase,
> and very probably never did.  The reporter attaches a patch,
> but it's one I'm not happy with, even if I had access to any
> FreeTDS backend to test-drive (which I don't).  The basic
> objection is that FreeTDS doesn't support prepared statements,
> and the emulation in the driver opens big security issues.
> 
> We've had a bit of a thread on the subject on dev@httpd.
> 
> Is anyone in a position to take up the baton on FreeTDS?
> 
> If not, perhaps it's time we dropped that driver in favour
> of the ODBC one.

Am I right in understanding that a user of the freetds driver could realistically use the
ODBC driver instead? (I am assuming this is Windows).

If so, I would be in favour of deprecating the freetds driver and dropping the driver in v2.0,
as a driver that doesn't support prepared statements suffers higher security risks.

Regards,
Graham
--

