Re: Protection from SQL injection
From | Ivan Sergio Borgonovo |
---|---|
Subject | Re: Protection from SQL injection |
Date | |
Msg-id | 20080427112909.053cab47@dawn.webthatworks.it |
In reply to | Re: Protection from SQL injection ("Scott Marlowe" <scott.marlowe@gmail.com>) |
List | pgsql-sql |
On Sat, 26 Apr 2008 23:24:59 -0600
"Scott Marlowe" <scott.marlowe@gmail.com> wrote:

> On Sat, Apr 26, 2008 at 9:58 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >
> > IIRC there was some discussion recently of providing a mode in
> > which the server would reject PQexec strings containing more than
> > one query. I didn't care for it much at the time, but I think it
> > would provide most of the benefit of these suggestions with far
> > less compatibility or performance hit.
>
> agreed.

> And I trust (SQL) code review more than tying the hands of the
> programmers.

> But I've always had the luxury of working with developers who liked
> me as a DBA and were willing to do things my way, as far as the DB
> was concerned anyway...

what if you're the DBA and the dev and you don't trust yourself even
if you'd be willing to do the things your way ;)

--
Ivan Sergio Borgonovo
http://www.webthatworks.it