Home > mailing lists

Re: [SECURITY] DoS attack on backend possible (was: Re: - Mailing list pgsql-hackers

From	Alvar Freude
Subject	Re: [SECURITY] DoS attack on backend possible (was: Re:
Date	August 18, 2002 10:55:27
Msg-id	2762930000.1029671721@gnarzelwicht.delirium-arts.de Whole thread Raw
In response to	Re: [SECURITY] DoS attack on backend possible (was: Re: (ngpg@grymmjack.com)
Responses	Re: [SECURITY] DoS attack on backend possible
List	pgsql-hackers

Tree view

Hi,

-- ngpg@grymmjack.com wrote:

>  What about checking the input for backslash, quote,
> and double quote (\'")?  If you are not taking care of those in input
> then  crashing the backend is going to be the least of your worries.

with Perl and *using placeholders and bind values*, the application
developer has not to worry about this. So, usually I don't check the
values in my applications (e.g. if only values between 1 and 5 are
allowed and under normal circumstances only these are possible), it's the
task of the database (check constraint).

Ciao Alvar

--
** ODEM ist für den poldi Award nominiert! http://www.poldiaward.de/
** http://www.poldiaward.de/index.php?display=detail&cat=audi&item=24
** http://odem.org/
** Mehr Projekte: http://alvar.a-blast.org/

pgsql-hackers by date:

From: Peter Eisentraut
Date: 18 August 2002, 08:33:50
Subject: Re: Open 7.3 items

From: Þórhallur Hálfdánarson
Date: 18 August 2002, 11:38:09
Subject: Re: Remove implicit unique index creation on SERIAL columns?

Re: [SECURITY] DoS attack on backend possible (was: Re: - Mailing list pgsql-hackers

Previous

Next