Home > mailing lists

Re: Sql injection attacks - Mailing list pgsql-general

From	Doug McNaught
Subject	Re: Sql injection attacks
Date	July 26, 2004 13:45:22
Msg-id	87bri27uh6.fsf@asmodeus.mcnaught.org Whole thread Raw
In response to	Re: Sql injection attacks (Geoff Caplan <geoff@variosoft.com>)
Responses	Re: Sql injection attacks (Geoff Caplan <geoff@variosoft.com>)
List	pgsql-general

Tree view

Geoff Caplan <geoff@variosoft.com> writes:

> But in web work, you are often using GET/POST data directly in your
> SQL clauses, so the untrusted data is part of the query syntax and not
> just a value.

Can you give an example of this that isn't also an example of
obviously bad application design?

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
   --T. J. Jackson, 1863

pgsql-general by date:

From: Gaetano Mendola
Date: 26 July 2004, 12:46:42
Subject: Re: selecting more that 2 tables based on 1 subquery find an error

From: Jerry LeVan
Date: 26 July 2004, 13:52:56
Subject: isNumeric function?

Re: Sql injection attacks - Mailing list pgsql-general

Previous

Next