| From: | Josh <josh(at)globalherald(dot)net> |
|---|---|
| To: | Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: Protecting a web app from Postgresql injection |
| Date: | 2008-01-30 22:27:20 |
| Message-ID: | alpine.LRH.1.00.0801301724560.19793@home-av-server.home-av |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Mary,
Are you using parameter substitution in your queries? That is the best
way to protect against these kinds of attacks.
What language are you using? We can provide examples of this if you'd
like.
Cheers,
-Josh
On Wed, 30 Jan 2008, Mary Anderson wrote:
> Date: Wed, 30 Jan 2008 13:48:59 -0800
> From: Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu>
> To: pgsql-novice(at)postgresql(dot)org
> Subject: [NOVICE] Protecting a web app from Postgresql injection
>
> Hi all,
> I have a web app I would like to protect against postgreSQL injection.
> What characters should I be on the lookout for? Any Any suggestions for
> enhancing the security of my app are welcome.
>
> Mary Anderson
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | G. J. Walsh | 2008-01-31 03:38:44 | postgresql-8.3RC2 and the continuing saga of libreadline |
| Previous Message | Isaac Vetter | 2008-01-30 22:05:53 | Re: database row count |