Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)

From: Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>
To: John R Pierce <pierce(at)hogranch(dot)com>
Cc: David Kerr <dmk(at)mr-paradox(dot)net>, pgsql-general(at)postgresql(dot)org
Subject: Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)
Date: 2010-02-05 21:23:26
Message-ID: dcc563d11002051323lbaa2289jdb5db98599ca4204@mail.gmail.com
Lists: pgsql-general

On Fri, Feb 5, 2010 at 1:09 PM, John R Pierce <pierce(at)hogranch(dot)com> wrote:
> if you use parameterized calls (easy in perl, java, etc but not so easy in
> php), you should be immune.  in the past there were some issues with
> specific evil mis-coded UTF8 sequences, but afaik, that's been cleared up for
> quite a while.

Please don't FUD php. The usage of prepared statements is quite
simple, either with the native pg set of functions, or the PDO
abstraction layers. PHP has plenty of issues, this is not one of
them.
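The two prepared-statement routes mentioned in the reply, shown next to the string-concatenation pattern they replace. This is an added example, not code from the thread; it assumes a `users(id, name)` table and a local PostgreSQL connection.

```php
<?php
// Added example: the same lookup written three ways against PostgreSQL.
// Connection details below are placeholders for a local dev database.
$pg  = pg_connect('host=localhost dbname=app user=app');                // assumed
$pdo = new PDO('pgsql:host=localhost;dbname=app', 'app', 'secret', [     // assumed
    PDO::ATTR_EMULATE_PREPARES => false,  // keep real server-side prepares
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

// 1. Vulnerable: the input becomes part of the SQL text the server parses.
//    A value such as  x' OR '1'='1  rewrites the WHERE clause.
function find_user_unsafe($conn, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    $res = pg_query($conn, $sql);
    return pg_fetch_all($res) ?: [];
}

// 2. Native pg_* functions: pg_query_params() ships the SQL and the values
//    separately, so $name is only ever a string literal to the server.
function find_user_pg($conn, string $name): array
{
    $res = pg_query_params(
        $conn,
        'SELECT id, name FROM users WHERE name = $1',
        [$name]
    );
    return pg_fetch_all($res) ?: [];
}

// 3. PDO: prepare once with a named placeholder, bind on execute.
function find_user_pdo(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// With the parameterised versions the injection string simply matches no row.
$probe = "x' OR '1'='1";
var_dump(find_user_pg($pg, $probe));    // array(0) {}
var_dump(find_user_pdo($pdo, $probe));  // array(0) {}
```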
