Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>
- To: "Thomas Kellerer" <spam_eater(at)gmx(dot)net>
- Cc: pgsql-sql(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Sat, 26 Apr 2008 18:21:48 -0600
- Message-id: <dcc563d10804261721l68d7dcd1u329d796a8aa8a9b4(at)mail(dot)gmail(dot)com>
On Sat, Apr 26, 2008 at 3:32 PM, Thomas Kellerer <spam_eater(at)gmx(dot)net> wrote: > Thomas Mueller wrote on 26.04.2008 18:32: > > > Literals can still be used when using query tools, or in applications > considered 'safe'. > > > I fail to see how the backend could distinguish between a query sent by a > query tool and a query sent by an "application". Wouldn't it be much simpler to have a version of the libpq client lib that only understands prepared queries?
- Follow-Ups:
- Re: Protection from SQL injection
- From: Tom Lane
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Thomas Kellerer
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: