From: | Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it> |
---|---|
To: | pgsql-sql(at)postgresql(dot)org |
Subject: | Re: Protection from SQL injection |
Date: | 2008-04-27 09:29:09 |
Message-ID: | 20080427112909.053cab47@dawn.webthatworks.it |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-sql |
On Sat, 26 Apr 2008 23:24:59 -0600
"Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> wrote:
> On Sat, Apr 26, 2008 at 9:58 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> > IIRC there was some discussion recently of providing a mode in
> > which the server would reject PQexec strings containing more than
> > one query. I didn't care for it much at the time, but I think it
> > would provide most of the benefit of these suggestions with far
> > less compatibility or performance hit.
>
> agreed.
> And I trust (SQL) code review more than tying the hands of the
> programmers.
> But I've always had the luxury of working with developers who liked
> me as a DBA and were willing to do things my way, as far as the DB
> was concerned anyway...
what if you're the DBA and the dev and you don't trust yourself even
if you'd be willing to do the things your way ;)
--
Ivan Sergio Borgonovo
http://www.webthatworks.it
From | Date | Subject | |
---|---|---|---|
Next Message | Ivan Sergio Borgonovo | 2008-04-27 10:38:48 | Re: Protection from SQL injection |
Previous Message | Thomas Mueller | 2008-04-27 09:14:11 | Re: Protection from SQL injection |