Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Josh Berkus <josh(at)agliodbs(dot)com>
- To: pgsql-hackers(at)postgresql(dot)org
- Cc: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
- Subject: Re: Protection from SQL injection
- Date: Tue, 29 Apr 2008 14:10:20 -0700
- Message-id: <200804291410(dot)21744(dot)josh(at)agliodbs(dot)com>
Thomas, > For PostgreSQL the 'disable literals' feature would be great > publicity: PostgreSQL would be the first only major database that has > a good story regarding SQL injection. Yes it's not the magic silver > bullet, but databases like MS SQL Server, Oracle or MySQL would look > really bad. Please don't let the debate over this break your enthusiasm for improving PostgreSQL security. We really care about security, which is why we want to run your proposal throught the gauntlet. You said you've done this for H2. Isn't H2 only accessable through Java, though? How many people are using literals in Java? And, as of this week MSSQL already looks really bad. 300,000 worm-infected servers, and counting! -- --Josh Josh Berkus PostgreSQL @ Sun San Francisco
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Aidan Van Dyk
- Re: Protection from SQL injection
- From: Thomas Mueller
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: