Re: Protection from SQL injection
From | Andrew Dunstan |
---|---|
Subject | Re: Protection from SQL injection |
Date | |
Msg-id | 481785FD.1020903@dunslane.net |
In reply to | Re: Protection from SQL injection ("Thomas Mueller" <thomas.tom.mueller@gmail.com>) |
Responses | Re: Protection from SQL injection |
List | pgsql-hackers |

Thomas Mueller wrote:
>> Forbidding literals will break absolutely every SQL-using application on the planet
>
> Well, it's optional. If a developer or admin wants to use it, he will
> know that it could mean some work. Even if the feature is not enabled,
> it's still good to have it. And using constants will help document the
> application.

What is not optional is the probable maintenance complexity of this scheme. Moreover, it seems unlikely that it will even cover the field. A partial cloak might indeed be worse than none, in that it will give some developers an illusion of having security.

Before we embarked on such an enterprise, I would personally want to see fairly loud clamor from our user base for it.

cheers

andrew