On Sat, Apr 26, 2008 at 3:32 PM, Thomas Kellerer <spam_eater(at)gmx(dot)net> wrote:
> Thomas Mueller wrote on 26.04.2008 18:32:
> > Literals can still be used when using query tools, or in applications
> > considered 'safe'.
> I fail to see how the backend could distinguish between a query sent by a
> query tool and a query sent by an "application".
Wouldn't it be much simpler to have a version of the libpq client lib
that only understands prepared queries?
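
One way to picture the suggestion above together with the quoted "no literals" idea, as an added example that is not part of the original message and not libpq code: a hypothetical client-side gate, `statement_is_literal_free`, accepts statement text only when every value is a `$n` placeholder, so values can only travel as bound parameters. The scanner is deliberately simplified and fails closed on comments and dollar-quoted strings; the function name and the sample statements are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical gate (not a libpq function): returns 1 when the statement text
 * holds no literals, so every value must arrive as a bound $n parameter.
 * Simplified scanner: fails closed on comments and dollar-quoted strings. */
int statement_is_literal_free(const char *sql)
{
    const char *p = sql;
    while (*p) {
        unsigned char c = (unsigned char)*p;
        if (c == '\'')                            /* 'text', E'text', B'101' */
            return 0;
        if (c == '"') {                           /* quoted identifier: skip */
            for (p++; *p; p++) {
                if (*p != '"') continue;
                if (p[1] != '"') break;           /* closing quote */
                p++;                              /* "" is an escaped quote */
            }
            if (!*p) return 0;                    /* unterminated: reject */
            p++;
        } else if (c == '$') {                    /* $1 ok, $tag$...$tag$ not */
            if (!isdigit((unsigned char)p[1])) return 0;
            for (p++; isdigit((unsigned char)*p); p++) ;
        } else if ((c == '-' && p[1] == '-') || (c == '/' && p[1] == '*')) {
            return 0;                             /* comment: fail closed */
        } else if (isalpha(c) || c == '_') {      /* keyword or identifier */
            while (isalnum((unsigned char)*p) || *p == '_' || *p == '$') p++;
        } else if (isdigit(c) || (c == '.' && isdigit((unsigned char)p[1]))) {
            return 0;                             /* numeric literal */
        } else {
            p++;                                  /* operator, space, punctuation */
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample statements. */
    const char *samples[] = {
        "SELECT * FROM users WHERE name = $1 AND age > $2",
        "SELECT * FROM users WHERE name = 'alice'",
        "SELECT * FROM users WHERE id = 42",
    };
    for (int i = 0; i < 3; i++)
        printf("%-6s %s\n", statement_is_literal_free(samples[i]) ? "accept" : "reject", samples[i]);
    return 0;
}
```

Keywords such as NULL and TRUE still pass this check, while constants like `LIMIT 10` would have to be bound as parameters under this rule.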