Re: Is it possible to do some damage to database with SELECT query?

From: "A(dot) Kretschmer" <andreas(dot)kretschmer(at)schollglas(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Is it possible to do some damage to database with SELECT query?
Date: 2008-07-22 10:20:46
Message-ID: 20080722102046.GC2742@a-kretschmer.de
Lists: pgsql-general

On Tue, 22.07.2008 at 12:50:31 +0300, Teemu Juntunen wrote:
> Hi,

First, don't hijack other threads!

>
> is it possible to make a SELECT query with some nasty follow-up commands,
> which damage the database?
>
> Something like:
>
> SELECT *,(DROP DATABASE enterprise) AS roger FROM sales WHERE sales >
> (UPDATE order SET order=1);
>
> I know this won't work, but is there some possibility to modify database
> with SELECT query?

Sure, with SQL injection. There is a lot to read via Google, for
instance http://en.wikipedia.org/wiki/SQL_injection

HTH, Andreas
--
Andreas Kretschmer
Contact: Heynitz: 035242/47150, D1: 0160/7141639 (more: -> header)
GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
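
The following is an added example, not part of the original message or of PostgreSQL's own code: a SELECT assembled by string concatenation lets a follow-up statement like the UPDATE in the question run, while a bound parameter does not. Assumptions: Python's sqlite3 replaces PostgreSQL so the code runs offline, `executescript()` stands in for a client that sends several statements in one string, and the table data, function names and `HOSTILE` value are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table name "sales" follows the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (id INTEGER PRIMARY KEY, amount INTEGER)")
    conn.executemany("INSERT INTO sales (amount) VALUES (?)",
                     [(10,), (250,), (900,)])
    conn.commit()
    return conn

def total(conn):
    return conn.execute("SELECT sum(amount) FROM sales").fetchone()[0]

def report_unsafe(conn, min_amount):
    # BEFORE: the caller's value is pasted into the SQL text, so anything
    # after a ';' in it is parsed as a further statement.
    # Assumption: executescript() stands in for a client that sends the
    # whole string to the server in one go.
    conn.executescript(
        "SELECT id, amount FROM sales WHERE amount > " + min_amount)
    return total(conn)

def report_safe(conn, min_amount):
    # AFTER: the value is bound to a placeholder and travels as data; it is
    # never parsed as SQL. int() also rejects non-numeric input up front.
    cur = conn.execute(
        "SELECT id, amount FROM sales WHERE amount > ? ORDER BY id",
        (int(min_amount),))
    return cur.fetchall()

# Constructed input that mirrors the UPDATE from the question.
HOSTILE = "0; UPDATE sales SET amount = 1"

if __name__ == "__main__":
    db = make_db()
    print("total before:", total(db))
    print("total after unsafe call:", report_unsafe(db, HOSTILE))
    db = make_db()
    try:
        report_safe(db, HOSTILE)
    except ValueError as exc:
        print("safe call rejected input:", exc)
    print("total after safe call:", total(db))
```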
