Re: Protection from SQL injection

From: Andrew Sullivan <ajs(at)commandprompt(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-05-01 15:47:04
Message-ID: 20080501154703.GD6482@commandprompt.com
Lists: pgsql-hackers

On Thu, May 01, 2008 at 11:26:21AM -0400, Tom Lane wrote:
>
> 1. Inexpensive to implement;
> 2. Unlikely to break most applications;
> 3. Closes off a fairly large class of injection attacks.
>
> The cost/benefit ratio looks pretty good (unlike the idea that started
> this thread...)

That's a much more elegant way of putting what I thought. Thanks,
Tom.

A

--
Andrew Sullivan
ajs(at)commandprompt(dot)com
+1 503 667 4564 x104
http://www.commandprompt.com/
