Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protecting a web app from Postgresql injection
- From: Josh <josh(at)globalherald(dot)net>
- To: Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu>
- Cc: pgsql-novice(at)postgresql(dot)org
- Subject: Re: Protecting a web app from Postgresql injection
- Date: Wed, 30 Jan 2008 17:27:20 -0500 (EST)
- Message-id: <alpine.LRH.1.00.0801301724560.19793@home-av-server.home-av> <text/plain>
Mary,Are you using parameter substitution in your queries? That is the best way to protect against these kinds of attacks.
What language are you using? We can provide examples of this if you'd like.
Cheers, -Josh On Wed, 30 Jan 2008, Mary Anderson wrote:
Date: Wed, 30 Jan 2008 13:48:59 -0800 From: Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu> To: pgsql-novice(at)postgresql(dot)org Subject: [NOVICE] Protecting a web app from Postgresql injection Hi all,I have a web app I would like to protect against postgreSQL injection. What characters should I be on the lookout for? Any Any suggestions for enhancing the security of my app are welcome.Mary Anderson ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
- References:
- Protecting a web app from Postgresql injection
- From: Mary Anderson
- Protecting a web app from Postgresql injection
- Prev by Date: Re: database row count
- Next by Date: postgresql-8.3RC2 and the continuing saga of libreadline
- Previous by thread: Protecting a web app from Postgresql injection
- Next by thread: Re: Protecting a web app from Postgresql injection
- Indexes: