Re: Protection from SQL injection
From | Chris Browne |
---|---|
Subject | Re: Protection from SQL injection |
Date | |
Msg-id | 60y76ozuyr.fsf@dba2.int.libertyrms.com |
In response to | Protection from SQL injection ("Thomas Mueller" <thomas.tom.mueller@gmail.com>) |
Responses | Re: Protection from SQL injection |
List | pgsql-hackers |
fw@deneb.enyo.de (Florian Weimer) writes:
> * Thomas Mueller:
>
>> What do you think about it? Do you think it makes sense to implement
>> this security feature in PostgreSQL as well?
>
> Can't this be implemented in the client library, or a wrapper around it?
> A simple approximation would be to raise an error when you encounter a
> query string that isn't contained in some special configuration file.

This could be implemented in a client library, but that means that
you're still entirely as vulnerable; any client that chooses not to
use that library won't be protected.

It would be a mighty attractive thing to have something at the server
level to protect against the problem.

--
let name="cbbrowne" and tld="linuxfinances.info" in String.concat "@" [name;tld];;
http://linuxdatabases.info/info/lsf.html
If you add a couple of i's to Microsoft's stock ticker symbol, you get
'misfit'. This is, of course, not a coincidence.
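The client-side allowlist wrapper suggested in the quoted text, and the gap the reply points out, as an added example that is not part of the original thread. It assumes an in-memory `sqlite3` database standing in for the PostgreSQL server; `AllowlistConnection`, `ALLOWED_QUERIES` and `QueryNotAllowed` are hypothetical names, and the input value is constructed.

```python
import sqlite3

# Constructed allowlist standing in for the "special configuration file":
# the only statement texts the application is allowed to send.
ALLOWED_QUERIES = frozenset({
    "SELECT id, name FROM users WHERE name = ?",
    "INSERT INTO users (name) VALUES (?)",
})


class QueryNotAllowed(Exception):
    """Raised when a statement text is not in the allowlist."""


class AllowlistConnection:
    """Hypothetical wrapper: forwards only allowlisted statement texts."""

    def __init__(self, conn, allowed):
        self._conn = conn
        self._allowed = allowed

    def execute(self, sql, params=()):
        # Exact match on the text: user data must travel in params,
        # because any value spliced into sql changes the string.
        if sql not in self._allowed:
            raise QueryNotAllowed(sql)
        return self._conn.execute(sql, params).fetchall()


def demo():
    raw = sqlite3.connect(":memory:")  # in-memory stand-in for the server
    raw.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    raw.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    guarded = AllowlistConnection(raw, ALLOWED_QUERIES)

    value = "x' OR '1'='1"  # constructed untrusted input
    spliced = "SELECT id, name FROM users WHERE name = '" + value + "'"

    # Parameterized, allowlisted: the value is compared as data, no match.
    bound = guarded.execute("SELECT id, name FROM users WHERE name = ?", (value,))
    # Spliced text is not in the allowlist, so the wrapper refuses it.
    try:
        guarded.execute(spliced)
        rejected = False
    except QueryNotAllowed:
        rejected = True
    # A client that skips the wrapper is unchecked: same text runs as SQL.
    bypass = raw.execute(spliced).fetchall()
    return bound, rejected, bypass
```

The third result is the reply's point: the check lives in the wrapper, so a connection opened without it receives no protection from the allowlist.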