Home > mailing lists

Re: Protection from SQL injection - Mailing list pgsql-hackers

From	Greg Sabino Mullane
Subject	Re: Protection from SQL injection
Date	May 2, 2008 17:25:56
Msg-id	b3bba1dc51463384bc1141d13eb99164@biglumber.com Whole thread Raw
In response to	Re: Protection from SQL injection (Alvaro Herrera <alvherre@commandprompt.com>)
List	pgsql-hackers

Tree view

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


> Hmm, it won't be pretty for the drivers that do PQexec("COMMIT; BEGIN").
> The driver will think that it's in a transaction when in fact the second
> command in the string has been ignored, and so it's not ...

Any driver that is doing that should be shot.

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200805021325
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAkgbTn4ACgkQvJuQZxSWSshKwwCfewZyRy/b6PvJrQn6pTlgsSDb
MeQAoM4sajlNKU17z3tVDqVTfqcyLf9N
=Fj0e
-----END PGP SIGNATURE-----

pgsql-hackers by date:

From: Tom Lane
Date: 02 May 2008, 16:02:13
Subject: Re: [PATCHES] GUC parameter cursors_tuple_fraction

From: Simon Riggs
Date: 02 May 2008, 17:34:03
Subject: Re: [PATCHES] GUC parameter cursors_tuple_fraction

Re: Protection from SQL injection - Mailing list pgsql-hackers

Previous

Next