Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
- To: "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>
- Cc: "Thomas Kellerer" <spam_eater(at)gmx(dot)net>, pgsql-sql(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Sat, 26 Apr 2008 23:58:40 -0400
- Message-id: <13885.1209268720@sss.pgh.pa.us> <text/plain>
"Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> writes: > Agreed. My point was that to do what the OP wants, wouldn't it make > more sense to just lobotomize libpq so it doesn't understand anything > but prepared queries. I doubt that that particular lobotomization accomplishes much in comparison to the penalties. IIRC there was some discussion recently of providing a mode in which the server would reject PQexec strings containing more than one query. I didn't care for it much at the time, but I think it would provide most of the benefit of these suggestions with far less compatibility or performance hit. regards, tom lane
- Follow-Ups:
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Scott Marlowe
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Thomas Kellerer
- Re: Protection from SQL injection
- From: Scott Marlowe
- Re: Protection from SQL injection
- From: Tom Lane
- Re: Protection from SQL injection
- From: Scott Marlowe
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: