Re: Sql injection attacks
From | Tom Allison |
---|---|
Subject | Re: Sql injection attacks |
Date | |
Msg-id | 4105ED5F.6020103@tacocat.net |
In reply to | Re: Sql injection attacks (jseymour@linxnet.com (Jim Seymour)) |
List | pgsql-general |
Jim Seymour wrote:
> Bill Moran <wmoran@potentialtech.com> wrote:
>
> [snip]
>
> I agree with Bill. Years ago (more years than I care to recall) I read
> a book on structured systems design (IIRC) that advised one should
> condition/convert data as early as possible in the process, throughout
> the design. Amongst the advantages cited for this tactic was that then
> you would know, everywhere else in the system, that you were dealing
> only with conditioned data. That practice, taken to heart relatively
> early in my career, has always stood me in good stead. Thus I
> recommend to others the same approach.
>
> In short: Any data coming from an untrusted source should always be
> de-fanged as early as possible.

Sounds like reading up on Perl's taint feature would be beneficial here as well. They have a similar attitude: if it hasn't been specifically de-loused, then it probably has lice.
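The "condition untrusted data at the boundary" practice discussed above, written out as an added example that is not code from this thread or from PostgreSQL. It is Python, with the built-in sqlite3 module standing in for PostgreSQL so it runs offline; the `Tainted` and `Username` types, the sample `users` table and the tautology payload are all constructed for the illustration, and the same two layers (condition first, then bind rather than splice) apply unchanged with DBI or psycopg2 placeholders against PostgreSQL.

```python
# Added example (not code from the thread): taint-style conditioning at the boundary,
# plus parameter binding, with sqlite3 standing in for PostgreSQL so it runs offline.
import re
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Tainted:
    """Raw data straight from an untrusted source (form field, CGI param)."""
    raw: str

    def __str__(self) -> str:
        # Like Perl's taint check: using the raw value where a string is expected dies loudly.
        raise TypeError("tainted data used without conditioning")


class Username(str):
    """A conditioned username: the only form the rest of the program ever sees."""
    _allowed = re.compile(r"[A-Za-z0-9_]{1,32}")   # hypothetical policy for this example

    def __new__(cls, t: Tainted) -> "Username":
        if not isinstance(t, Tainted):
            raise TypeError("Username() conditions Tainted input only")
        if not cls._allowed.fullmatch(t.raw):
            raise ValueError(f"rejected username {t.raw!r}")
        return super().__new__(cls, t.raw)


def make_db() -> sqlite3.Connection:
    """Constructed sample table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.net"), ("bob", "bob@example.net")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw: str) -> list:
    """The injection: raw input is pasted into the SQL text and parsed as SQL."""
    sql = f"SELECT email FROM users WHERE name = '{raw}' ORDER BY name"
    return conn.execute(sql).fetchall()


def lookup_bound(conn: sqlite3.Connection, raw: str) -> list:
    """Layer one: bind the value instead of splicing it, so it is never parsed as SQL."""
    return conn.execute("SELECT email FROM users WHERE name = ? ORDER BY name",
                        (raw,)).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: Username) -> list:
    """Layer two: only conditioned data gets this far, and it is still bound, not spliced."""
    if not isinstance(name, Username):
        raise TypeError("lookup_safe() takes a conditioned Username")
    return lookup_bound(conn, str(name))      # plain str for the driver


def demo() -> dict:
    """Run honest and hostile input through each path; returns the results for inspection."""
    conn = make_db()
    honest = Tainted("alice")
    attack = Tainted("' OR '1'='1")          # classic tautology payload, constructed here
    out = {
        "vulnerable_honest": lookup_vulnerable(conn, honest.raw),
        "vulnerable_attack": lookup_vulnerable(conn, attack.raw),   # dumps every row
        "bound_attack": lookup_bound(conn, attack.raw),             # no user has that name
        "safe_honest": lookup_safe(conn, Username(honest)),
    }
    try:                                      # the payload never becomes a Username
        Username(attack)
        out["attack_conditioned"] = True
    except ValueError:
        out["attack_conditioned"] = False
    try:                                      # forgetting to condition fails loudly, not silently
        lookup_vulnerable(conn, f"{attack}")
        out["tainted_use_fails"] = False
    except TypeError:
        out["tainted_use_fails"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the two layers is that binding alone already defangs the payload (`bound_attack` is empty), while conditioning at the edge means code deeper in the system can take a `Username` on faith, exactly as the quoted design advice describes; the `Tainted` wrapper makes forgetting that step an error rather than a quiet success.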