Re: Protecting a web app from Postgresql injection

Поиск
Список
Период
Сортировка
От Josh
Тема Re: Protecting a web app from Postgresql injection
Дата
Msg-id alpine.LRH.1.00.0801301724560.19793@home-av-server.home-av
обсуждение исходный текст
Ответ на Protecting a web app from Postgresql injection  (Mary Anderson <maryfran@demog.berkeley.edu>)
Список pgsql-novice
Дерево обсуждения 
Mary,

Are you using parameter substitution in your queries?  That is the best
way to protect against these kinds of attacks.

What language are you using?  We can provide examples of this if you'd
like.

Cheers,
-Josh

On Wed, 30 Jan 2008, Mary Anderson wrote:

> Date: Wed, 30 Jan 2008 13:48:59 -0800
> From: Mary Anderson <maryfran@demog.berkeley.edu>
> To: pgsql-novice@postgresql.org
> Subject: [NOVICE] Protecting a web app from Postgresql injection
>
> Hi all,
>   I have a web app I would like to protect against postgreSQL injection.
> What characters should I be on the lookout for?  Any Any suggestions for
> enhancing the security of my app are welcome.
>
> Mary Anderson
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>
>

В списке pgsql-novice по дате отправления:

Предыдущее
От: Isaac Vetter
Дата:
Сообщение: Re: database row count
Следующее
От: "G. J. Walsh"
Дата:
Сообщение: postgresql-8.3RC2 and the continuing saga of libreadline