On Thu, May 01, 2008 at 06:33:07PM +0200, PFC wrote:
> But it's true that preventing multi-statements adds a layer of
> idiot-proofness... a rather thin layer...
As I already said in a previous remark in this thread, I don't really
like partial security solutions.
What the "no multi-statement SQL" switch adds is a complete protection
against _one class_ of injection attacks. What is nice about it is
that it completely eliminates that class of attacks, so they are no
longer something one needs to worry about.
They do not, of course, prevent every kind of injection attack. I
think the thread has already had ample evidence that such complete
prevention is either impractical to implement, too costly to existing
applications, too limiting, not actually effective (i.e. not really
complete prevention), or some combination of the above.
That's not an argument that the simple change that is effective for
only one class of attacks is a bad idea. Making the battlefield
smaller is one thing one can do to decrease one's exposure to attack.
A
--
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/
