Re: HIPPA (was Re: Anyone know ...)

From: Kevin Hunter <hunteke(at)earlham(dot)edu>
To: Kenneth Downs <ken(at)secdat(dot)com>
Cc: Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net>, PostgreSQL General List <pgsql-general(at)postgresql(dot)org>
Subject: Re: HIPPA (was Re: Anyone know ...)
Date: 2007-03-09 18:42:35
Message-ID: 45F1AA9B.3070001@earlham.edu
Lists: pgsql-general

>> What about an SQL injection bug that allows for increased privileges?
>
> Um, web programming 101 is that you escape quotes on user-supplied
> inputs. That ends SQL injection.

Pardon my naivete (I'm fairly new to web/DB programming) . . . is this
the current standard method of protection from SQL injection? How does
it compare to SQL preparation with bound variables?

Kevin
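The contrast Kevin asks about, as an added example that is not part of this thread: the "escape the quotes" approach beside a bound-parameter query. It uses Python's built-in sqlite3 module as a stand-in for PostgreSQL so it runs offline; the users table, the rows in it and the inputs are constructed for the demonstration. With psycopg2 the placeholder is `%s` instead of `?`, but the principle is the same: a bound value is shipped to the server separately from the SQL text and can never change the statement's structure, whereas escaping only helps in the one context (a single-quoted string literal) it was written for.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a real PostgreSQL users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (id, name, is_admin) VALUES (?, ?, ?)",
        [(1, "alice", 1), (2, "bob", 0), (3, "carol", 0)],
    )
    return conn


def escape_quotes(value):
    """The 'web programming 101' defence: double any single quote."""
    return str(value).replace("'", "''")


def lookup_by_name_escaped(conn, name):
    """Escaping works here because the value lands inside a quoted literal."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY id" % escape_quotes(name)
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_escaped(conn, user_id):
    """Same escaping, but the value is interpolated into a numeric context
    with no surrounding quotes, so quote-doubling protects nothing: whatever
    the caller supplies is parsed as part of the SQL statement."""
    sql = "SELECT name FROM users WHERE id = %s ORDER BY id" % escape_quotes(user_id)
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_bound(conn, user_id):
    """Bound variable: the SQL text is fixed and the value travels separately.
    It is compared as a value against the id column; it is never parsed as SQL,
    whatever context the developer thought they were in."""
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_id,))]


if __name__ == "__main__":
    db = make_db()
    print(lookup_by_name_escaped(db, "o'brien"))   # [] : escaping did its job
    print(lookup_by_id_escaped(db, "2 OR 1=1"))    # all three names: escaping was irrelevant
    print(lookup_by_id_bound(db, "2 OR 1=1"))      # [] : the whole string is just a non-matching value
    print(lookup_by_id_bound(db, "2"))             # ['bob']
```

The escaped-name lookup shows why the quoting advice looks sufficient in the common case, and the escaped-id lookup shows the failure mode that bound variables remove by construction: the fix does not depend on the developer remembering which contexts need which escaping.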
