Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: "Jaime Casanova" <systemguards(at)gmail(dot)com>
- To: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
- Cc: pgsql-sql(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Sat, 26 Apr 2008 13:16:10 -0500
- Message-id: <c2d9e70e0804261116yca965eflf24586c4ca0cf852(at)mail(dot)gmail(dot)com>
On Sat, Apr 26, 2008 at 11:32 AM, Thomas Mueller <thomas(dot)tom(dot)mueller(at)gmail(dot)com> wrote: > > The 'ALLOW_LITERALS NONE' mode is enabled by the developer itself, or > by an administrator. then it solves nothing... what if the developer never SET ALLOW_LITERALS NONE or maybe i can inject "select * from tab where intcol = intcol; set allow_literals all; add any query you want" -- regards, Jaime Casanova Soporte de PostgreSQL Guayaquil - Ecuador Cel. (593) 087171157
- Follow-Ups:
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Fwd: Protection from SQL injection
- Previous by thread: Fwd: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: