Re: Protection from SQL injection - Mailing list pgsql-sql

From Scott Marlowe
Subject Re: Protection from SQL injection
Date
Msg-id dcc563d10804261721l68d7dcd1u329d796a8aa8a9b4@mail.gmail.com
In response to Re: Protection from SQL injection  (Thomas Kellerer <spam_eater@gmx.net>)
Responses Re: Protection from SQL injection  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-sql
On Sat, Apr 26, 2008 at 3:32 PM, Thomas Kellerer <spam_eater@gmx.net> wrote:
> Thomas Mueller wrote on 26.04.2008 18:32:
>
> > Literals can still be used when using query tools, or in applications
> > considered 'safe'.
> >
> I fail to see how the backend could distinguish between a query sent by a
> query tool and a query sent by an "application".

Wouldn't it be much simpler to have a version of the libpq client lib
that only understands prepared queries?
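
An added illustration, not part of the message above and not libpq code: one way a client-side layer could enforce the restriction discussed in this thread, by refusing any SQL text that contains a literal so that values can only be supplied as `$n` parameters. The function name `sql_has_no_literals`, the `users` table and the sample input are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical gate, not a libpq function: returns 1 when the SQL text holds
 * no string or numeric literal, so every value has to arrive as a $n
 * parameter (e.g. through PQexecParams); returns 0 otherwise.
 * Deliberately small lexer that fails closed: comments are not skipped and
 * identifiers containing '$' are refused. NULL/TRUE/FALSE pass as keywords. */
int sql_has_no_literals(const char *s)
{
    while (*s) {
        unsigned char c = (unsigned char)*s;
        if (c == '\'')
            return 0;                 /* '...', E'...', B'...' string forms */
        if (c == '$') {
            if (!isdigit((unsigned char)s[1]))
                return 0;             /* $tag$...$tag$ dollar-quoted string */
            s++;
            while (isdigit((unsigned char)*s))
                s++;                  /* $1, $2, ... placeholder */
        } else if (c == '"') {        /* quoted identifier, "" escape included */
            s++;
            while (*s && *s != '"')
                s++;
            if (!*s)
                return 0;             /* unterminated identifier */
            s++;
        } else if (isalpha(c) || c == '_') {
            while (isalnum((unsigned char)*s) || *s == '_')
                s++;                  /* keyword or identifier such as t1 */
        } else if (isdigit(c) || (c == '.' && isdigit((unsigned char)s[1]))) {
            return 0;                 /* numeric literal: 10, 1.5, .5 */
        } else {
            s++;                      /* operators, punctuation, whitespace */
        }
    }
    return 1;
}

int main(void)
{
    const char *name = "O'Brien";     /* constructed sample input */
    char glued[128];
    snprintf(glued, sizeof glued, "SELECT id FROM users WHERE name = '%s'", name);
    printf("concatenated:  %s\n", sql_has_no_literals(glued) ? "accepted" : "rejected");
    printf("parameterised: %s\n",
           sql_has_no_literals("SELECT id FROM users WHERE name = $1") ? "accepted" : "rejected");
    return 0;
}
```

Text that passes the gate contains no value of its own, so a query assembled by pasting input between quotes is refused before it reaches the server.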

