Quick Links

Re: Protection from SQL injection

From:	Josh Berkus <josh(at)agliodbs(dot)com>
To:	pgsql-hackers(at)postgresql(dot)org
Cc:	Andrew Sullivan <ajs(at)commandprompt(dot)com>
Subject:	Re: Protection from SQL injection
Date:	2008-04-29 22:24:10
Message-ID:	200804291524.11565.josh@agliodbs.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> (I sort of like the
> suggestion up-thread, myself, which is to have a GUC that disables
> multi-statement commands. That'd probably cover a huge number of
> cases, and combined with some sensible quoting rules in client
> libraries, would quite possibly be enough.)

MySQL did this already.

--
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco

In response to

Re: Protection from SQL injection at 2008-04-29 21:23:39 from Andrew Sullivan

Responses

Re: Protection from SQL injection at 2008-04-30 01:02:30 from Gregory Stark

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Andreas 'ads' Scherbaum	2008-04-30 00:19:21	Re: Protection from SQL injection
Previous Message	Andrew Sullivan	2008-04-29 21:23:39	Re: Protection from SQL injection