Re: Protection from SQL injection
From | Andrew Sullivan |
---|---|
Subject | Re: Protection from SQL injection |
Date | |
Msg-id | 20080429205520.GF4515@commandprompt.com |
In response to | Re: Protection from SQL injection (Andrew Dunstan <andrew@dunslane.net>) |
Responses | Re: Protection from SQL injection |
List | pgsql-hackers |
On Tue, Apr 29, 2008 at 04:33:01PM -0400, Andrew Dunstan wrote:

> Moreover, it seems unlikely that it will even cover the field. A partial
> cloak might indeed be worse than none, in that it will give some developers
> an illusion of having security.

I think this is a really important point, and one that isn't getting enough attention in this discussion. Half a security measure is almost always worse than none at all, exactly because people stop thinking they have to worry about that area of security at all.

I think without a convincing argument that the proposal will even come close to covering most SQL injection cases, it's a bad idea.

A

--
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/