Home > mailing lists

Re: Protecting a web app from Postgresql injection - Mailing list pgsql-novice

From	A. Kretschmer
Subject	Re: Protecting a web app from Postgresql injection
Date	January 31, 2008 04:54:01
Msg-id	20080131055353.GA27047@a-kretschmer.de Whole thread Raw
In response to	Protecting a web app from Postgresql injection (Mary Anderson <maryfran@demog.berkeley.edu>)
List	pgsql-novice

Tree view

am  Wed, dem 30.01.2008, um 13:48:59 -0800 mailte Mary Anderson folgendes:
> Hi all,
>    I have a web app I would like to protect against postgreSQL
> injection.  What characters should I be on the lookout for?  Any Any
> suggestions for enhancing the security of my app are welcome.

The best way to protect against SQL-Injection are prepared statements,
read more about this:

http://www.postgresql.org/docs/current/static/sql-prepare.html


Andreas
--
Andreas Kretschmer
Kontakt:  Heynitz: 035242/47150,   D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID:   0x3FFF606C, privat 0x7F4584DA   http://wwwkeys.de.pgp.net

pgsql-novice by date:

From: "G. J. Walsh"
Date: 31 January 2008, 02:38:53
Subject: postgresql-8.3RC2 and the continuing saga of libreadline

From: Michael Lush
Date: 31 January 2008, 07:42:26
Subject: Re: Protecting a web app from Postgresql injection

Re: Protecting a web app from Postgresql injection - Mailing list pgsql-novice

Previous

Next