Skip site navigation (1) Skip section navigation (2)

Re: como ejecutar vists con parametros desde python?

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: mbr <yourpadre(at)gmail(dot)com>
Cc: pgsql-es-ayuda(at)postgresql(dot)org
Subject: Re: como ejecutar vists con parametros desde python?
Date: 2006-05-29 20:51:41
Message-ID: 20060529205140.GG24193@surnet.cl (view raw or flat)
Thread:
Lists: pgsql-es-ayuda
mbr escribió:
> Con el reciente bug que salio en postgresql recomiedan que en lugar de
> costruir la consulta y enviarla al servidor, lo mejor es crear vistas
> en el servidor y llamarlas.

Donde dice eso?

Q: What else can I do to foil SQL injection attacks?

A: There are quite a number of steps you can use to foil SQL injection attacks
in addition to these updates, which are things security-conscious application
developers should be doing anyway:

   1. Employ a good database security design, in which restrictive database
permissions are assigned to public database roles.
   2. Use parameterized prepared statements to execute queries (e.g. "SELECT *
FROM table WHERE id = ?") (please note that PHP does not have proper support
for this feature earlier than v5.1)
   3. Use stored procedures to execute queries from web applications, instead
of sending them directly to the database.
   4. Hash or encrypt valuable data in the database.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

In response to

pgsql-es-ayuda by date

Next:From: lein gutierrezDate: 2006-05-29 21:17:32
Subject: Re: problema de compilacion de postgresql a nivel fuente
Previous:From: mbrDate: 2006-05-29 20:46:30
Subject: como ejecutar vists con parametros desde python?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group