Quick Links

Limit on number of queries from CGI or PHP (security)

From:	Rikul Patel <rikul7(at)yahoo(dot)com>
To:	pgsql-general(at)postgresql(dot)org
Subject:	Limit on number of queries from CGI or PHP (security)
Date:	2000-10-17 08:00:31
Message-ID:	20001017080031.19989.qmail@web3403.mail.yahoo.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Hi,

Is there any way I can restrict number of queries to
only one? Here's the problem:

If PHP script gets some data as input from user, and
PHP scripts tries to put this data into Postgresql,
what's keeping the user to modify the data in way to
have postgresql execute two queries.

So instead of some PHP script generating query like
"select * from table where text='some text' or id=1",
some malicious user could make it generate "select *
from table where text='some text' or id=1;delete from
table"

Thanks,
Rikul

__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf! It's FREE.
http://im.yahoo.com/

Responses

Re: Limit on number of queries from CGI or PHP (security) at 2000-10-17 08:28:04 from Alfred Perlstein
Re: Limit on number of queries from CGI or PHP (security) at 2000-10-17 12:38:49 from KuroiNeko
Re: Limit on number of queries from CGI or PHP (security) at 2000-10-17 13:17:50 from Michelle Murrain
Re: Limit on number of queries from CGI or PHP (security) at 2000-10-17 15:07:09 from Adam Lang
Re: Limit on number of queries from CGI or PHP (security) at 2000-10-19 03:41:57 from Charles Tassell

Browse pgsql-general by date

	From	Date	Subject
Next Message	AGRE Enterprises	2000-10-17 08:12:36	Stumped on PlPgSql
Previous Message	Franck Martin	2000-10-17 06:30:59	RE: storing binary data - PGSQL book/documentation