Home > mailing lists

Re: Protection from SQL injection - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Protection from SQL injection
Date	April 30, 2008 21:34:33
Msg-id	23282.1209591218@sss.pgh.pa.us Whole thread Raw
In response to	Re: Protection from SQL injection (Martijn van Oosterhout <kleptog@svana.org>)
Responses	Re: Protection from SQL injection (Andrew Sullivan <ajs@commandprompt.com>)
List	pgsql-hackers

Tree view

Martijn van Oosterhout <kleptog@svana.org> writes:
> void PQexec()
> {
>   die();
> }

Actually disabling PQexec seems like a pretty poor decision; it breaks
working code to no purpose.  Also, doing it on the client side means
you're at risk of some clients being secure and some not.  I thought
what we were discussing was a server-side GUC parameter that would
disallow more than one SQL statement per PQexec.
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 30 April 2008, 21:04:48
Subject: Re: TidScan needs handling of a corner cases

From: Bryce Nesbitt
Date: 30 April 2008, 22:00:23
Subject: Re: Proposed patch - psql wraps at window width

Re: Protection from SQL injection - Mailing list pgsql-hackers

Previous

Next