Skip site navigation (1) Skip section navigation (2)

Re: Protecting a web app from Postgresql injection

From: "A(dot) Kretschmer" <andreas(dot)kretschmer(at)schollglas(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: Protecting a web app from Postgresql injection
Date: 2008-01-31 05:53:53
Message-ID: 20080131055353.GA27047@a-kretschmer.de (view raw or flat)
Thread:
Lists: pgsql-novice
am  Wed, dem 30.01.2008, um 13:48:59 -0800 mailte Mary Anderson folgendes:
> Hi all,
>    I have a web app I would like to protect against postgreSQL 
> injection.  What characters should I be on the lookout for?  Any Any 
> suggestions for enhancing the security of my app are welcome.

The best way to protect against SQL-Injection are prepared statements,
read more about this: 

http://www.postgresql.org/docs/current/static/sql-prepare.html


Andreas
-- 
Andreas Kretschmer
Kontakt:  Heynitz: 035242/47150,   D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID:   0x3FFF606C, privat 0x7F4584DA   http://wwwkeys.de.pgp.net

In response to

pgsql-novice by date

Next:From: Michael LushDate: 2008-01-31 08:41:47
Subject: Re: Protecting a web app from Postgresql injection
Previous:From: G. J. WalshDate: 2008-01-31 03:38:44
Subject: postgresql-8.3RC2 and the continuing saga of libreadline

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group