Re: Protection from SQL injection - Mailing list pgsql-sql

From Jaime Casanova
Subject Re: Protection from SQL injection
Date
Msg-id c2d9e70e0804261116yca965eflf24586c4ca0cf852@mail.gmail.com
In response to Protection from SQL injection  ("Thomas Mueller" <thomas.tom.mueller@gmail.com>)
Responses Re: Protection from SQL injection  ("Thomas Mueller" <thomas.tom.mueller@gmail.com>)
List pgsql-sql
On Sat, Apr 26, 2008 at 11:32 AM, Thomas Mueller
<thomas.tom.mueller@gmail.com> wrote:
>
> The 'ALLOW_LITERALS NONE' mode is enabled by the developer itself, or
> by an administrator.


Then it solves nothing...
What if the developer never SET ALLOW_LITERALS NONE or
maybe I can inject "select * from tab where intcol = intcol; set
allow_literals all; add any query you want"

-- 
regards,
Jaime Casanova
Soporte de PostgreSQL
Guayaquil - Ecuador
Cel. (593) 087171157
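
The objection in the message above, as a toy model added here (not part of the original post and not any database's own code): a session-level literal ban that the session itself can switch off, next to a variant where the mode is locked and only one statement per call is accepted. `Session`, `locked`, `multi_statement` and the sample input are assumptions made for this illustration.

```python
import re

# Toy model of a session-level "no literals" switch (assumption: not any real
# database's implementation). Naive ';' splitting is enough for this sample.
LITERAL = re.compile(r"'[^']*'|\b\d+(?:\.\d+)?\b")
SET_MODE = re.compile(r"^set\s+allow_literals\s+(none|all)$", re.I)

class Session:
    def __init__(self, mode="ALL", locked=False, multi_statement=True):
        self.mode = mode                        # "ALL" or "NONE"
        self.locked = locked                    # hypothetical admin-only lock
        self.multi_statement = multi_statement  # allow "a; b" in one call
        self.executed = []                      # statements that reached the engine

    def execute(self, sql):
        statements = [s.strip() for s in sql.split(";") if s.strip()]
        if len(statements) > 1 and not self.multi_statement:
            raise PermissionError("multiple statements rejected")
        for stmt in statements:
            m = SET_MODE.match(stmt)
            if m:
                if self.locked:
                    raise PermissionError("ALLOW_LITERALS is locked")
                self.mode = m.group(1).upper()
                continue
            if self.mode == "NONE" and LITERAL.search(stmt):
                raise ValueError("literal rejected")
            self.executed.append(stmt)

def build_query(user_input):
    # The pattern under discussion: user text concatenated into the SQL string.
    return "select * from tab where intcol = " + user_input

def run(session, user_input):
    """Return 'ok' or 'blocked: <reason>' for one concatenated query."""
    try:
        session.execute(build_query(user_input))
        return "ok"
    except (PermissionError, ValueError) as exc:
        return "blocked: " + str(exc)

# Constructed input shaped like the one in the message: no literal appears
# until after the mode has been switched back.
INJECTED = "intcol; set allow_literals all; select * from tab where c = 'x'"

if __name__ == "__main__":
    for name, s in [("session toggle", Session("NONE")),
                    ("locked, single statement", Session("NONE", True, False))]:
        print(name, "->", run(s, INJECTED), s.mode, s.executed)
```

With only the lock and multi-statement calls still allowed, the literal-free first statement still reaches the engine before the `SET` is refused; rejecting multi-statement calls stops the whole input.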

