Re: Protection from SQL injection - Mailing list pgsql-hackers

From Gregory Stark
Subject Re: Protection from SQL injection
Msg-id 87bq3qm5b7.fsf@oxford.xeocode.com
In response to Re: Protection from SQL injection  (Andrew Sullivan <ajs@commandprompt.com>)
Responses Re: Protection from SQL injection  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
"Andrew Sullivan" <ajs@commandprompt.com> writes:

> The _principal_ trick with SQL injection is to fool the application
> into somehow handing a ";" followed by an arbitrary SQL statement.
> There are of course other things one can do, but most of them are
> constrained to abuse of statements your application already performs.
> This injection problem, on the other hand, allows an attacker to do
> whatever they want.

They're the principal trick only because they're the most convenient. If you
block them (as you can today by using PQExecParams() !!!) then people will
switch to other things.

cf.

http://www.areino.com/hackeando/

(there is a semicolon here but that's a microsoft-ism, postgres would actually
be more affected by this style of attack without the semicolon)

-- 
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com
  Ask me about EnterpriseDB's Slony Replication support!
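Stark's point is that the `;` trick is only the most convenient form of injection: a value spliced into the statement text can also widen a WHERE clause or change a statement's meaning without any `;` at all, whereas a bound parameter can never be parsed as SQL. The script below is an added illustration, not code from the thread or from PostgreSQL. It uses Python's standard-library `sqlite3` module as a stand-in for a Postgres client (libpq needs a live server), and the tables and inputs are constructed. `executescript()` plays the role of `PQexec()`, which runs every `;`-separated statement it is handed; the `?`-bound path plays the role of `PQexecParams()`, which sends the values separately and, like most bound-parameter APIs, accepts at most one command per call.

```python
import sqlite3

# Constructed sample inputs (not from the thread): a benign user name, a
# ';'-style input that appends a second statement, and a quote-only input
# that alters the WHERE clause without any ';'.
NORMAL_INPUT = "alice"
SEMICOLON_INPUT = "x'; INSERT INTO audit SELECT 'injected' WHERE 'a'='a"
NO_SEMICOLON_INPUT = "x' OR 'a'='a"


def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (name TEXT, secret TEXT);
        INSERT INTO users VALUES ('alice', 'a-secret');
        INSERT INTO users VALUES ('bob', 'b-secret');
        CREATE TABLE audit (note TEXT);
        """
    )
    return conn


def secret_unsafe(conn, name):
    """Vulnerable pattern: the untrusted value is spliced into the SQL text.
    Run as one statement, so only the quote-based alteration shows here."""
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def run_unsafe_script(conn, name):
    """Same string-building, but executed with executescript(), which, like
    libpq's PQexec(), runs every ';'-separated statement in the string."""
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    conn.executescript(sql)


def secret_safe(conn, name):
    """Parameterized pattern (the PQexecParams() approach): the statement
    text is fixed and the value travels separately, so the server never
    parses it as SQL, with or without a ';' in it."""
    rows = conn.execute("SELECT secret FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def audit_rows(conn):
    """How many rows the appended INSERT managed to add (0 if it never ran)."""
    return conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]


def demo():
    """Exercise each input through both paths and return the observations."""
    conn = make_db()
    results = {}
    results["normal_unsafe"] = secret_unsafe(conn, NORMAL_INPUT)
    results["normal_safe"] = secret_safe(conn, NORMAL_INPUT)
    # Quote-only input: no ';' anywhere, yet the WHERE clause now matches every row.
    results["no_semicolon_unsafe"] = secret_unsafe(conn, NO_SEMICOLON_INPUT)
    results["no_semicolon_safe"] = secret_safe(conn, NO_SEMICOLON_INPUT)
    # ';' input: the appended statement runs on the multi-statement path...
    run_unsafe_script(conn, SEMICOLON_INPUT)
    results["semicolon_unsafe_audit_rows"] = audit_rows(conn)
    # ...and is inert on the parameterized path (fresh database for a clean count).
    conn2 = make_db()
    results["semicolon_safe"] = secret_safe(conn2, SEMICOLON_INPUT)
    results["semicolon_safe_audit_rows"] = audit_rows(conn2)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two unsafe outcomes are the ones to compare: the quote-only input returns both users' secrets through a single statement, which is exactly the kind of abuse a `;` filter does nothing about, while the parameterized path returns nothing for either crafted input and leaves the `audit` table empty.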

