Re: Protection from SQL injection - Mailing list pgsql-hackers

From Andrew Sullivan
Subject Re: Protection from SQL injection
Date
Msg-id 20080501154703.GD6482@commandprompt.com
In response to Re: Protection from SQL injection  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Protection from SQL injection  ("Thomas Mueller" <thomas.tom.mueller@gmail.com>)
List pgsql-hackers

On Thu, May 01, 2008 at 11:26:21AM -0400, Tom Lane wrote:
> 
> 1. Inexpensive to implement;
> 2. Unlikely to break most applications;
> 3. Closes off a fairly large class of injection attacks.
> 
> The cost/benefit ratio looks pretty good (unlike the idea that started
> this thread...)

That's a much more elegant way of putting what I thought.  Thanks,
Tom.

A

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/