Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Andrew Sullivan <ajs(at)commandprompt(dot)com>
- To: pgsql-hackers(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Tue, 29 Apr 2008 16:55:21 -0400
- Message-id: <20080429205520(dot)GF4515(at)commandprompt(dot)com>
On Tue, Apr 29, 2008 at 04:33:01PM -0400, Andrew Dunstan wrote: > Moreover, it seems unlikely that it will even cover the field. A partial > cloak might indeed be worse than none, in that it will give some developers > an illusion of having security. I think this is a really important point, and one that isn't getting enough attention in this discussion. Half a security measure is almost always worse than none at all, exactly because people stop thinking they have to worry about that area of security at all. I think without a convincing argument that the proposal will even come close to covering most SQL injection cases, it's a bad idea. A -- Andrew Sullivan ajs(at)commandprompt(dot)com +1 503 667 4564 x104 http://www.commandprompt.com/
- Follow-Ups:
- Re: Protection from SQL injection
- From: Andrew Sullivan
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Tom Dunstan
- Re: Protection from SQL injection
- From: Tom Lane
- Re: Protection from SQL injection
- From: Aidan Van Dyk
- Re: Protection from SQL injection
- From: Gregory Stark
- Re: Protection from SQL injection
- From: Aidan Van Dyk
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Andrew Dunstan
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: