| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Andrew Sullivan <ajs(at)commandprompt(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Protection from SQL injection |
| Date: | 2008-04-30 20:58:34 |
| Message-ID: | 20080430205834.GB3125@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Apr 30, 2008 at 10:20:09AM -0400, Andrew Sullivan wrote:
> On Tue, Apr 29, 2008 at 09:02:30PM -0400, Gregory Stark wrote:
> > Did you guys miss Tom's comment up-thread? Postgres already does this if you
> > use PQExecParams().
>
> I did, yes. Thanks for the clue. OTOH, I do see the OP's point that
> it'd be nice if the DBA could enforce this rule. Maybe a way of
> insisting on PQExecParams() instead of anything else?
Create a function somewhere:
void PQexec()
{
die();
}
And it will override the one in the shared library. In other languages
subclassing should be able to provide the same effect.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-04-30 21:03:58 | Re: TidScan needs handling of a corner cases |
| Previous Message | Merlin Moncure | 2008-04-30 20:23:45 | libpq object hooks |