Re: Protecting a web app from Postgresql injection

From: "A(dot) Kretschmer" <andreas(dot)kretschmer(at)schollglas(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: Protecting a web app from Postgresql injection
Date: 2008-01-31 05:53:53
Message-ID: 20080131055353.GA27047@a-kretschmer.de
Lists: pgsql-novice

On Wed, 30.01.2008, at 13:48:59 -0800, Mary Anderson wrote:
> Hi all,
> I have a web app I would like to protect against postgreSQL
> injection. What characters should I be on the lookout for? Any
> suggestions for enhancing the security of my app are welcome.

The best way to protect against SQL injection is prepared statements;
read more about this:

http://www.postgresql.org/docs/current/static/sql-prepare.html

Andreas
--
Andreas Kretschmer
Contact: Heynitz: 035242/47150, D1: 0160/7141639 (more: -> Header)
GnuPG-ID: 0x3FFF606C, private 0x7F4584DA http://wwwkeys.de.pgp.net
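
An added illustration of the prepared-statement approach recommended in the message above (not part of the original e-mail): a string-built query beside the same lookup done with PREPARE/EXECUTE. The table app_users, its rows, the statement names and the sample inputs are constructed for this example.

```sql
-- Constructed sample data (hypothetical table, for illustration only).
CREATE TEMP TABLE app_users (
    id       integer PRIMARY KEY,
    username text    NOT NULL,
    is_admin boolean NOT NULL DEFAULT false
);
INSERT INTO app_users VALUES (1, 'mary', false), (2, 'root', true);

-- Before: the application pastes user input into the SQL text.
-- For the constructed input   x' OR '1'='1   the server ends up parsing:
SELECT id, username FROM app_users WHERE username = 'x' OR '1'='1';
-- The quote inside the input closed the string literal, the rest became
-- SQL, and the always-true condition returns every row.

-- After: the statement is parsed once, with typed placeholders.
PREPARE find_user (text) AS
    SELECT id, username FROM app_users WHERE username = $1;

-- Ordinary lookup: returns the one row for 'mary'.
EXECUTE find_user('mary');

-- The same input as above, now supplied as the parameter value.
-- Dollar quoting ($in$...$in$) is used only so the value can be typed
-- into psql unchanged; a client driver sends it as a bound parameter.
EXECUTE find_user($in$x' OR '1'='1$in$);
-- Returns zero rows: the whole string is compared against username,
-- and no part of it is ever parsed as SQL.

-- Declared parameter types are enforced as well.
PREPARE find_by_id (integer) AS
    SELECT id, username FROM app_users WHERE id = $1;

EXECUTE find_by_id(2);            -- returns the row for 'root'
EXECUTE find_by_id('1 OR 1=1');   -- fails: the value is not a valid integer

-- Prepared statements last for the session; release them when done.
DEALLOCATE find_user;
DEALLOCATE find_by_id;
```

Because the value never reaches the SQL parser, there is no list of characters to filter for. Placeholders stand for values only; table and column names cannot be passed as parameters.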
