Re: Protection from SQL injection

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Thomas Mueller <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-05-01 17:09:38
Message-ID: 4819F952.1020102@dunslane.net
Lists: pgsql-hackers

Thomas Mueller wrote:
> Disabling literals is still the only way to actually protect from SQL
> injection. Except Meredith's libdejector, which is even a bit better
> as far as I see, but requires more work from the developer. I don't
> count Microsoft LINQ (or Java Quaere) currently because that would
> require a complete re-write of the application.

I honestly don't think there's any chance of this happening, for the
many good reasons previously covered in this debate.

cheers

andrew
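As an added illustration of the quoted point (this is example code written for this page, not code from the thread, from H2 or from PostgreSQL), the Python script below contrasts a login query that splices user input into the SQL text as string literals with the same query using bind parameters, and then shows what a "literals disabled" mode means in practice: any statement whose text carries a string or numeric literal is refused, so a query assembled from user input cannot reach the engine at all. The regex-based literal check is an assumption standing in for a parser-level setting; the sample rows and the injection payload are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample rows for the demo (not data from the thread).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def setup() -> sqlite3.Connection:
    """Build an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Injectable: user input is spliced into the SQL text as string literals."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Safe: values travel as bind parameters; the SQL text carries no literals."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


# Assumed approximation of a "no literals" mode: flag any single-quoted
# string or bare number in the statement text. A database that really
# disables literals would do this in its parser, not with a regex.
_LITERAL = re.compile(
    r"""
    '(?:[^']|'')*'         # single-quoted string literal ('' is an escaped quote)
  | \b\d+(?:\.\d+)?\b      # numeric literal that is not part of an identifier
    """,
    re.VERBOSE,
)


def contains_literal(sql: str) -> bool:
    """True if the statement text embeds a string or numeric literal."""
    return _LITERAL.search(sql) is not None


def execute_without_literals(conn: sqlite3.Connection, sql: str, params=()):
    """Refuse any statement that carries literals; only bind parameters pass.

    This is how "disabling literals" stops injection: a query built from user
    input necessarily contains literals, so it is rejected before execution.
    """
    if contains_literal(sql):
        raise ValueError("literals are disabled; use bind parameters")
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    conn = setup()
    payload = "alice' --"   # constructed payload: comments out the password check
    print("vulnerable:", login_vulnerable(conn, payload, "wrong"))        # True
    print("parameterized:", login_parameterized(conn, payload, "wrong"))  # False
    try:
        execute_without_literals(
            conn, f"SELECT name FROM users WHERE name = '{payload}'")
    except ValueError as err:
        print("rejected:", err)
    print(execute_without_literals(
        conn, "SELECT name FROM users WHERE name = ?", (payload,)))      # []
```

Note that a literal-free policy also rejects harmless statements such as SELECT 1, which is the developer burden the thread is arguing about: every constant, not just user-supplied ones, has to become a parameter.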
