vulnerability of COPY command

From: Dennis Gearon <gearond(at)sbcglobal(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: vulnerability of COPY command
Date: 2010-05-30 05:41:04
Message-ID: 404285.73527.qm@web82101.mail.mud.yahoo.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

I'm trying to build a way to bulk load from a script to a Dbase, postgres.

Using single, parameterized statements is a pretty good defense against SQL injection, so I use Symfony as the main user input.

But for this bulk loading, it's tooooooo slow.

If I build a text based, COPY file for bulk purposes, to be input via the command line, is Postgres vulnerable to SQL injection from that?

Dennis Gearon

Signature Warning
----------------
EARTH has a Right To Life,
otherwise we all die.

Read 'Hot, Flat, and Crowded'
Laugh at http://www.yert.com/film.php

Responses

Browse pgsql-general by date

  From Date Subject
Next Message zhenyang guo 2010-05-30 07:08:05 Re: [GENERAL] Re: [GENERAL] hi,for help!
Previous Message Scott Marlowe 2010-05-30 03:54:51 Re: [GENERAL] Re: [GENERAL] hi,for help!