Home > mailing lists

Re: Protecting a web app from Postgresql injection - Mailing list pgsql-novice

From	Josh
Subject	Re: Protecting a web app from Postgresql injection
Date	January 30, 2008 21:21:47
Msg-id	alpine.LRH.1.00.0801301724560.19793@home-av-server.home-av Whole thread Raw
In response to	Protecting a web app from Postgresql injection (Mary Anderson <maryfran@demog.berkeley.edu>)
List	pgsql-novice

Tree view

Mary,

Are you using parameter substitution in your queries?  That is the best
way to protect against these kinds of attacks.

What language are you using?  We can provide examples of this if you'd
like.

Cheers,
-Josh

On Wed, 30 Jan 2008, Mary Anderson wrote:

> Date: Wed, 30 Jan 2008 13:48:59 -0800
> From: Mary Anderson <maryfran@demog.berkeley.edu>
> To: pgsql-novice@postgresql.org
> Subject: [NOVICE] Protecting a web app from Postgresql injection
>
> Hi all,
>   I have a web app I would like to protect against postgreSQL injection.
> What characters should I be on the lookout for?  Any Any suggestions for
> enhancing the security of my app are welcome.
>
> Mary Anderson
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>
>

pgsql-novice by date:

From: Isaac Vetter
Date: 30 January 2008, 21:06:14
Subject: Re: database row count

From: "G. J. Walsh"
Date: 31 January 2008, 02:38:53
Subject: postgresql-8.3RC2 and the continuing saga of libreadline

Re: Protecting a web app from Postgresql injection - Mailing list pgsql-novice

Previous

Next