Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story) - Mailing list pgsql-general

From Scott Marlowe
Subject Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)
Date
Msg-id dcc563d11002051323lbaa2289jdb5db98599ca4204@mail.gmail.com
In response to Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)  (John R Pierce <pierce@hogranch.com>)
List pgsql-general
On Fri, Feb 5, 2010 at 1:09 PM, John R Pierce <pierce@hogranch.com> wrote:
> if you use parameterized calls (easy in perl, java, etc but not so easy in
> php), you should be immune.  in the past there were some issues with
> specific evil mis-coded UTF8 sequences, but afaik, that's been cleared up for
> quite a while.

Please don't FUD php.  The usage of prepared statements is quite
simple, either with the native pg set of functions, or the PDO
abstraction layers.  PHP has plenty of issues, this is not one of
them.
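
The following is an added example, not part of the original thread: it contrasts a concatenated query with a PDO prepared statement, the second of the two approaches named in the message above. The table, column, function and variable names, the hostile input and the `APP_DSN` environment variable are all constructed for illustration; without `APP_DSN` the script falls back to in-memory SQLite so it runs offline.

```php
<?php
// Added example; names and data are constructed, not from the thread.
// APP_DSN is a hypothetical variable, e.g. "pgsql:host=localhost;dbname=test".
$pdo = new PDO(getenv('APP_DSN') ?: 'sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Temporary table so nothing persists on a real server.
$pdo->exec('CREATE TEMPORARY TABLE accounts (id INTEGER PRIMARY KEY, name TEXT)');
$ins = $pdo->prepare('INSERT INTO accounts (id, name) VALUES (?, ?)');
foreach ([[1, 'alice'], [2, 'bob']] as $row) {
    $ins->execute($row);
}

// Vulnerable form: the input becomes part of the SQL text, so quote
// characters in it change the structure of the WHERE clause.
function findByNameConcat(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM accounts WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized form: the SQL text is fixed and the input is sent as a
// bound value, so it is only ever compared against the name column.
function findByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM accounts WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "nobody' OR '1'='1"; // constructed hostile input

echo "concatenated: ", json_encode(findByNameConcat($pdo, $input)), "\n";
echo "prepared:     ", json_encode(findByNamePrepared($pdo, $input)), "\n";
echo "prepared, legitimate lookup: ",
     json_encode(findByNamePrepared($pdo, 'alice')), "\n";
```

With the native pg functions the same lookup is a single call to `pg_query_params()` with a `$1` placeholder and the value passed in an array.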
