Home > mailing lists

Re: Protection from SQL injection - Mailing list pgsql-hackers

From	Gregory Stark
Subject	Re: Protection from SQL injection
Date	April 30, 2008 01:02:40
Msg-id	87zlrcf93t.fsf@oxford.xeocode.com Whole thread Raw
In response to	Re: Protection from SQL injection (Josh Berkus <josh@agliodbs.com>)
Responses	Re: Protection from SQL injection (Josh Berkus <josh@agliodbs.com>) Re: Protection from SQL injection (Andrew Sullivan <ajs@commandprompt.com>)
List	pgsql-hackers

Tree view

"Josh Berkus" <josh@agliodbs.com> writes:

>> (I sort of like the
>> suggestion up-thread, myself, which is to have a GUC that disables
>> multi-statement commands.  That'd probably cover a huge number of
>> cases, and combined with some sensible quoting rules in client
>> libraries, would quite possibly be enough.)
>
> MySQL did this already.

Did you guys miss Tom's comment up-thread? Postgres already does this if you
use PQExecParams().

--  Gregory Stark EnterpriseDB          http://www.enterprisedb.com Ask me about EnterpriseDB's Slony Replication
support!

pgsql-hackers by date:

From: "Gurjeet Singh"
Date: 30 April 2008, 00:47:09
Subject: Re: Protection from SQL injection

From: Josh Berkus
Date: 30 April 2008, 01:20:38
Subject: Re: Protection from SQL injection

Re: Protection from SQL injection - Mailing list pgsql-hackers

Previous

Next