
Re: Protection from SQL injection

From: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
To: pgsql-sql(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-04-27 07:08:30
Message-ID: 5f211bd50804270008l326acd69ia4b845e651992cfc@mail.gmail.com
Lists: pgsql-sql

Hi,

>  but can't the developer allow literals again?

Executing the statement SET ALLOW_LITERALS should be restricted. The
application uses another user name / password and doesn't have the
access rights to enable it. Maybe the user name / password is
configured using JNDI, so the application developer has no influence
on that. In any case, even if the developer can enable literals, I
don't think he would, because he would be afraid to be caught
cheating.

Regards,
Thomas
