Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>
- To: pgsql-sql(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Sun, 27 Apr 2008 11:29:09 +0200
- Message-id: <20080427112909(dot)053cab47(at)dawn(dot)webthatworks(dot)it>
On Sat, 26 Apr 2008 23:24:59 -0600 "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> wrote: > On Sat, Apr 26, 2008 at 9:58 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote: > > > IIRC there was some discussion recently of providing a mode in > > which the server would reject PQexec strings containing more than > > one query. I didn't care for it much at the time, but I think it > > would provide most of the benefit of these suggestions with far > > less compatibility or performance hit. > > agreed. > And I trust (SQL) code review more than tying the hands of the > programmers. > But I've always had the luxury of working with developers who liked > me as a DBA and were willing to do things my way, as far as the DB > was concerned anyway... what if you're the DBA and the dev and you don't trust yourself even if you'd be willing to do the things your way ;) -- Ivan Sergio Borgonovo http://www.webthatworks.it
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Thomas Kellerer
- Re: Protection from SQL injection
- From: Scott Marlowe
- Re: Protection from SQL injection
- From: Tom Lane
- Re: Protection from SQL injection
- From: Scott Marlowe
- Re: Protection from SQL injection
- From: Tom Lane
- Re: Protection from SQL injection
- From: Scott Marlowe
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: