Skip site navigation (1) Skip section navigation (2)

Re: Protection from SQL injection

From: "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Thomas Kellerer" <spam_eater(at)gmx(dot)net>, pgsql-sql(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-04-27 05:24:59
Message-ID: dcc563d10804262224l431f0ae3t6c75af94a1ef3876@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-sql
On Sat, Apr 26, 2008 at 9:58 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

>  IIRC there was some discussion recently of providing a mode in which
>  the server would reject PQexec strings containing more than one query.
>  I didn't care for it much at the time, but I think it would provide
>  most of the benefit of these suggestions with far less compatibility
>  or performance hit.

agreed.

And I trust (SQL) code review more than tying the hands of the programmers.

But I've always had the luxury of working with developers who liked me
as a DBA and were willing to do things my way, as far as the DB was
concerned anyway...

In response to

Responses

pgsql-sql by date

Next:From: Thomas MuellerDate: 2008-04-27 07:08:30
Subject: Re: Protection from SQL injection
Previous:From: Tom LaneDate: 2008-04-27 03:58:40
Subject: Re: Protection from SQL injection

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group