Home > mailing lists

Re: Protection from SQL injection - Mailing list pgsql-hackers

From	Tino Wildenhain
Subject	Re: Protection from SQL injection
Date	April 30, 2008 14:48:38
Msg-id	4818869C.8010508@wildenhain.de Whole thread Raw
In response to	Re: Protection from SQL injection (Andrew Dunstan <andrew@dunslane.net>)
Responses	Re: Protection from SQL injection ("Thomas Mueller" <thomas.tom.mueller@gmail.com>)
List	pgsql-hackers

Tree view

Andrew Dunstan wrote:
> 
> 
> Tino Wildenhain wrote:
>> Hi,
>>
>>> In C the best practice is to use #define for constants. In C++ you
>>> have 'const', in Java 'static final'. Unfortunately the 'named
>>> constant' concept doesn't exist in SQL. I think that's a mistake. I
>>> suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT
>>> ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.
>>
>> of course you mean:
>>
>> CREATE CONSTANT state_active TEXT VALUE 'active'; ? ;)
> 
> Why does he mean that? Manifest constants are not typed in plenty of 
> languages.

Well but in this case we want them to prevent easy sql injection and
therefore arbitrary macro expansion like in those "plenty of languages"
does not seem like a good idea to me.

Cheers
Tino

pgsql-hackers by date:

From: Tom Lane
Date: 30 April 2008, 14:32:49
Subject: Re: Proposed patch - psql wraps at window width

From: PFC
Date: 30 April 2008, 14:50:29
Subject: Re: Protection from SQL injection

Re: Protection from SQL injection - Mailing list pgsql-hackers

Previous

Next