Re: vulnerability of COPY command

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Dennis Gearon <gearond(at)sbcglobal(dot)net>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: vulnerability of COPY command
Date: 2010-05-30 07:19:19
Message-ID: AANLkTilQph5jxTPZa4kc3BudysWvmRPlj7ANFLBX5rJc@mail.gmail.com
Lists: pgsql-general

Hello

2010/5/30 Dennis Gearon <gearond(at)sbcglobal(dot)net>:
> I'm trying to build a way to bulk load from a script to a Dbase, postgres.
>
> Using single, parameterized statements is a pretty good defense against SQL injection, so I use Symfony as the main user input.
>
> But for this bulk loading, it's tooooooo slow.

Maybe you have enabled autocommit - then it can be very very slow.

>
> If I build a text based, COPY file for bulk purposes, to be input via the command line, is Postgres vulnerable to SQL injection from that?

An SQL database cannot be injected via non-SQL statements like COPY.

Regards

Pavel Stehule
>
>
> Dennis Gearon
>
> Signature Warning
> ----------------
> EARTH has a Right To Life,
>  otherwise we all die.
>
> Read 'Hot, Flat, and Crowded'
> Laugh at http://www.yert.com/film.php
>
>
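
Added example, not part of the original thread: a sketch of encoding untrusted values into PostgreSQL's COPY text format (tab-delimited, backslash escapes, `\N` for NULL, `\.` as end-of-data marker), so that input containing quotes, tabs, newlines or marker-like strings stays inside its own field. The function names and sample rows are constructed for illustration, and the decoder is a simplified model of the format (no octal or hex escapes) used only to check the round trip.

```python
# Added example: encode untrusted values for PostgreSQL COPY text format.
# Function names and SAMPLE_ROWS are constructed for this illustration.
ESCAPES = {"\\": "\\\\", "\t": "\\t", "\n": "\\n", "\r": "\\r",
           "\b": "\\b", "\f": "\\f", "\v": "\\v"}
UNESCAPES = {esc[1]: raw for raw, esc in ESCAPES.items()}  # 't' -> tab, ...

def copy_field(value):
    """Encode one value; None becomes the NULL marker \\N."""
    if value is None:
        return "\\N"
    text = str(value)
    if "\x00" in text:
        raise ValueError("NUL byte cannot be stored in a PostgreSQL text value")
    # Character-wise mapping, so the backslash is escaped exactly once.
    return "".join(ESCAPES.get(ch, ch) for ch in text)

def copy_row(values):
    """One data line: fields joined by the default tab delimiter."""
    return "\t".join(copy_field(v) for v in values) + "\n"

def copy_payload(rows):
    """Full input for COPY ... FROM STDIN, closed by the \\. marker."""
    return "".join(copy_row(r) for r in rows) + "\\.\n"

def parse_row(line):
    """Simplified decoder (assumption: no octal/hex escapes in the input)."""
    fields = []
    for raw in line.rstrip("\n").split("\t"):
        if raw == "\\N":
            fields.append(None)
            continue
        out, i = [], 0
        while i < len(raw):
            if raw[i] == "\\" and i + 1 < len(raw):
                out.append(UNESCAPES.get(raw[i + 1], raw[i + 1]))
                i += 2
            else:
                out.append(raw[i])
                i += 1
        fields.append("".join(out))
    return fields

SAMPLE_ROWS = [  # constructed input, including hostile-looking strings
    (1, "alice", "plain comment"),
    (2, "bob'); DROP TABLE users; --", "tab\there\nnewline"),
    (3, "\\.", None),            # text that looks like the end marker
    (4, "\\N", "back\\slash"),   # text that looks like the NULL marker
]

if __name__ == "__main__":
    print(copy_payload(SAMPLE_ROWS), end="")
```

The quote-and-semicolon string in row 2 passes through unchanged because COPY data lines are never parsed as SQL; what the encoder protects is the row and column structure of the file.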
