Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
- To: pgsql-sql(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Sun, 27 Apr 2008 09:08:30 +0200
- Message-id: <5f211bd50804270008l326acd69ia4b845e651992cfc(at)mail(dot)gmail(dot)com>
Hi, > but can't the developer allow literals again? Executing the statement SET ALLOW_LITERALS should be restricted. The application uses another user name / password and doesn't have to access rights to enable it. Maybe the user name / password is configured using JNDI, so the application developper has no influence on that. In any case, even if the developer can enable literals, I don't think he would, because he would be afraid to be caught cheating. Regards, Thomas
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Jaime Casanova
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Jaime Casanova
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: