Re: Protection from SQL injection

From: Florian Weimer <fw(at)deneb(dot)enyo(dot)de>
To: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-05-04 17:38:45
Message-ID: 87y76qufyy.fsf@mid.deneb.enyo.de
Lists: pgsql-hackers

* Thomas Mueller:

> What do you think about it? Do you think it makes sense to implement
> this security feature in PostgreSQL as well?

Can't this be implemented in the client library, or a wrapper around it?
A simple approximation would be to raise an error when you encounter a
query string that isn't contained in some special configuration file.
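
The wrapper idea from the message above, sketched as an added example (not code from the thread or from PostgreSQL). It assumes a one-statement-per-line allowlist format, uses Python's built-in `sqlite3` as a stand-in for a PostgreSQL client library, and the names `AllowlistConnection`, `load_allowlist` and `QueryNotAllowed` are hypothetical.

```python
import sqlite3

class QueryNotAllowed(Exception):
    """Raised when a query string is not present in the allowlist."""

def normalize(sql):
    """Collapse runs of whitespace so formatting differences do not matter."""
    return " ".join(sql.split())

def load_allowlist(text):
    """Parse the assumed config format: one statement per line, '#' comments."""
    lines = (line.strip() for line in text.splitlines())
    return frozenset(normalize(l) for l in lines if l and not l.startswith("#"))

class AllowlistConnection:
    """Wraps a DB-API connection and executes only allowlisted query strings."""
    def __init__(self, conn, allowed):
        self._conn, self._allowed = conn, allowed

    def execute(self, sql, params=()):
        # The check is on the query text only; values travel separately as params.
        if normalize(sql) not in self._allowed:
            raise QueryNotAllowed(sql)
        return self._conn.execute(sql, params)

# Constructed sample configuration file contents.
ALLOWLIST_TEXT = """
# queries the application is permitted to send
SELECT id, name FROM users WHERE name = ?
INSERT INTO users (name) VALUES (?)
"""

def demo():
    raw = sqlite3.connect(":memory:")
    raw.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db = AllowlistConnection(raw, load_allowlist(ALLOWLIST_TEXT))
    db.execute("INSERT INTO users (name) VALUES (?)", ("alice",))
    untrusted = "x' OR '1'='1"  # constructed input that would alter a concatenated query
    # Parameterized: the query text is allowlisted, the input is bound as data.
    rows = db.execute("SELECT id, name FROM users WHERE name = ?", (untrusted,)).fetchall()
    # Concatenated: the resulting string matches no allowlisted entry and is rejected.
    try:
        db.execute("SELECT id, name FROM users WHERE name = '" + untrusted + "'")
        blocked = False
    except QueryNotAllowed:
        blocked = True
    return rows, blocked

if __name__ == "__main__":
    print(demo())
```

Because any literal value spliced into the SQL changes the string, the allowlist only ever matches statements that use placeholders, which is what makes this approximation effective.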
