| From: | Alvar Freude <alvar(at)a-blast(dot)org> |
|---|---|
| To: | ngpg(at)grymmjack(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Date: | 2002-08-18 11:55:21 |
| Message-ID: | 2762930000.1029671721@gnarzelwicht.delirium-arts.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Hi,
-- ngpg(at)grymmjack(dot)com wrote:
> What about checking the input for backslash, quote,
> and double quote (\'")? If you are not taking care of those in input
> then crashing the backend is going to be the least of your worries.
with Perl and *using placeholders and bind values*, the application
developer has not to worry about this. So, usually I don't check the
values in my applications (e.g. if only values between 1 and 5 are
allowed and under normal circumstances only these are possible), it's the
task of the database (check constraint).
Ciao
Alvar
--
** ODEM ist für den poldi Award nominiert! http://www.poldiaward.de/
** http://www.poldiaward.de/index.php?display=detail&cat=audi&item=24
** http://odem.org/
** Mehr Projekte: http://alvar.a-blast.org/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Meskes | 2002-08-18 14:32:22 | pgsql-server/src/interfaces/ecpg Tag: ecpg_big ... |
| Previous Message | Peter Eisentraut - PostgreSQL | 2002-08-18 11:20:05 | pgsql-server/src/backend/commands trigger.c |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Þórhallur Hálfdánarson | 2002-08-18 12:37:51 | Re: Remove implicit unique index creation on SERIAL columns? |
| Previous Message | Peter Eisentraut | 2002-08-18 09:37:20 | Re: Open 7.3 items |