Re: Protection from SQL injection

From: Andrew Sullivan <ajs(at)commandprompt(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-05-02 20:47:12
Message-ID: 20080502204712.GL21477@commandprompt.com
Lists: pgsql-hackers

On Fri, May 02, 2008 at 03:58:01PM -0400, Chris Browne wrote:

> Andrew Sullivan recently had some choice words about the merits of
> ENUM; I think the same applies to drivers that do
> PQexec("COMMIT;BEGIN")...

Oh, heaven. I can at least think of ways to use ENUM such that you
can justify the trade-off. I can think of no excuse whatever for
PQexec("COMMIT; BEGIN"). That's just lazy and sloppy.

Note also that more recent releases, concurrent with the improvements
to the drivers, also reduce the impact of this sort of database misuse
slightly.

But really, people who are doing that sort of thing have no excuse for
themselves. They should be relegated to the same circle of hell as
people who think it's a good plan to write a crappy schema the first
time, because you can always optimise later.

A

--
Andrew Sullivan
ajs(at)commandprompt(dot)com
+1 503 667 4564 x104
http://www.commandprompt.com/
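The message objects to drivers that hand libpq more than one statement per call, as in `PQexec("COMMIT;BEGIN")`. As an added illustration (example code, not libpq's and not any driver's implementation), the guard below shows how a driver wrapper could count statements in a query string and refuse multi-statement input before it ever reaches `PQexec`. The names `sql_statement_count` and `is_single_statement` are mine, and the tokenizer is deliberately simplified: it recognises single-quoted literals, double-quoted identifiers, `--` line comments and unnested `/* */` block comments, but not dollar quoting, `E''` backslash escapes or nested block comments.

```c
/* Added example: a single-statement guard for a libpq-style driver wrapper.
 * Not libpq code. Assumption: the wrapper wants to reject strings such as
 * "COMMIT;BEGIN" that carry more than one statement per PQexec() call. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Counts SQL statements in `sql`. A ';' separates statements only when it is
 * outside single-quoted literals, double-quoted identifiers, -- line comments
 * and /* block comments. A trailing ';' does not start a new statement.
 * Limitations (not handled): dollar quoting, E'' escapes, nested comments. */
int sql_statement_count(const char *sql) {
    enum { CODE, SQUOTE, DQUOTE, LINE_COMMENT, BLOCK_COMMENT } state = CODE;
    int count = 0;
    bool in_stmt = false;   /* a non-blank token has been seen since the last ';' */

    for (size_t i = 0; sql[i] != '\0'; i++) {
        char c = sql[i];
        char n = sql[i + 1];  /* '\0' at end of string, so safe to read */
        switch (state) {
        case CODE:
            if (c == '\'')                 { state = SQUOTE; in_stmt = true; }
            else if (c == '"')             { state = DQUOTE; in_stmt = true; }
            else if (c == '-' && n == '-') { state = LINE_COMMENT; i++; }
            else if (c == '/' && n == '*') { state = BLOCK_COMMENT; i++; }
            else if (c == ';')             { if (in_stmt) count++; in_stmt = false; }
            else if (!isspace((unsigned char)c)) in_stmt = true;
            break;
        case SQUOTE:
            /* '' inside a literal is an escaped quote, not the end of it */
            if (c == '\'') { if (n == '\'') i++; else state = CODE; }
            break;
        case DQUOTE:
            if (c == '"') { if (n == '"') i++; else state = CODE; }
            break;
        case LINE_COMMENT:
            if (c == '\n') state = CODE;
            break;
        case BLOCK_COMMENT:
            if (c == '*' && n == '/') { state = CODE; i++; }
            break;
        }
    }
    if (in_stmt) count++;   /* last statement without a trailing ';' */
    return count;
}

/* What a wrapper would check before forwarding a string to PQexec(). */
bool is_single_statement(const char *sql) {
    return sql_statement_count(sql) == 1;
}

int main(void) {
    const char *samples[] = {          /* constructed inputs */
        "COMMIT;BEGIN",
        "SELECT 'a;b'",
        "SELECT 1 -- ; not a separator\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s statements=%d single=%s\n", samples[i],
               sql_statement_count(samples[i]),
               is_single_statement(samples[i]) ? "yes" : "no");
    return 0;
}
```

A wrapper that only accepts single statements removes the `COMMIT;BEGIN` shortcut the message criticises; the driver then has to issue the two commands as two calls, which is the behaviour the author wants. Note that libpq's `PQexecParams` already accepts at most one command per call at the protocol level, so a driver that uses it instead of `PQexec` gets the same guarantee without any string scanning.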
