Mercurial > p > roundup > code
view doc/postgresql.txt @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can bei turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | 76b71c9bd50d |
| children | e48b039b0ec0 |
line wrap: on
line source
========================== PostgreSQL/psycopg Backend ========================== This are notes about PostqreSQL backend based on the psycopg adapter for Roundup issue tracker. Prerequisites ============= To use PostgreSQL as backend for storing roundup data, you should additionally install: 1. PostgreSQL 8.x or higher - http://www.postgresql.org/ 2. The psycopg python interface to PostgreSQL: http://initd.org/software/initd/psycopg Running the PostgreSQL unit tests ================================= The user that you're running the tests as will need to be able to access the postgresql database on the local machine and create and drop databases. See the config values in 'test/db_test_base.py' about which database connection, name and user will be used. Credit ====== The postgresql backend was originally submitted by Federico Di Gregorio <fog@initd.org>