| From: | "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Thomas Kellerer" <spam_eater(at)gmx(dot)net>, pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Protection from SQL injection |
| Date: | 2008-04-27 05:24:59 |
| Message-ID: | dcc563d10804262224l431f0ae3t6c75af94a1ef3876@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Sat, Apr 26, 2008 at 9:58 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> IIRC there was some discussion recently of providing a mode in which
> the server would reject PQexec strings containing more than one query.
> I didn't care for it much at the time, but I think it would provide
> most of the benefit of these suggestions with far less compatibility
> or performance hit.
agreed.
And I trust (SQL) code review more than tying the hands of the programmers.
But I've always had the luxury of working with developers who liked me
as a DBA and were willing to do things my way, as far as the DB was
concerned anyway...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Mueller | 2008-04-27 07:08:30 | Re: Protection from SQL injection |
| Previous Message | Tom Lane | 2008-04-27 03:58:40 | Re: Protection from SQL injection |