Postgres Pro
Downloads
Home   >   mailing lists

Limit on number of queries from CGI or PHP (security) - Mailing list pgsql-general

From Rikul Patel
Subject Limit on number of queries from CGI or PHP (security)
Date
Msg-id 20001017080031.19989.qmail@web3403.mail.yahoo.com
Whole thread Raw
Responses Re: Limit on number of queries from CGI or PHP (security)  (Alfred Perlstein <bright@wintelcom.net>)
Re: Limit on number of queries from CGI or PHP (security)  (Michelle Murrain <mpm@norwottuck.com>)
Re: Limit on number of queries from CGI or PHP (security)  (Charles Tassell <ctassell@isn.net>)
List pgsql-general
Tree view 
Hi,

Is there any way I can restrict number of queries to
only one? Here's the problem:

If PHP script gets some data as input from user, and
PHP scripts tries to put this data into Postgresql,
what's keeping the user to modify the data in way to
have postgresql execute two queries.

So instead of some PHP script generating query like
"select * from table where text='some text' or id=1",
some malicious user could make it generate "select *
from table where text='some text' or id=1;delete from
table"

Thanks,
Rikul

__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/

pgsql-general by date:

Previous
From: "Makiko Kudo"
Date:
Subject: temporary table size
Next
From: Colin Taylor
Date:
Subject: Getting DateStyle Using C++ Library