Home > mailing lists

Re: HIPPA (was Re: Anyone know ...) - Mailing list pgsql-general

From	Kevin Hunter
Subject	Re: HIPPA (was Re: Anyone know ...)
Date	March 9, 2007 17:42:54
Msg-id	45F1AA9B.3070001@earlham.edu Whole thread Raw
In response to	Re: HIPPA (was Re: Anyone know ...) (Kenneth Downs <ken@secdat.com>)
Responses	Re: HIPPA (was Re: Anyone know ...) (Kenneth Downs <ken@secdat.com>)
List	pgsql-general

Tree view

>> What about an SQL injection bug that allows for increased privileges?
>
> Um, web programming 101 is that you escape quotes on user-supplied
> inputs.  That ends SQL injection.

Pardon my naivete (I'm fairly new to web/DB programming) . . . is this
the current standard method of protection from SQL injection?  How does
it compare to SQL preparation with bound variables?

Kevin

pgsql-general by date:

From: "Martin Gainty"
Date: 09 March 2007, 17:40:21
Subject: Re: PostgreSQL to Oracle

From: Richard Broersma Jr
Date: 09 March 2007, 17:46:26
Subject: Re: Sw to generate ER model

Re: HIPPA (was Re: Anyone know ...) - Mailing list pgsql-general

Previous

Next