Re: Sql injection attacks

From: Doug McNaught <doug(at)mcnaught(dot)org>
To: Geoff Caplan <geoff(at)variosoft(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Sql injection attacks
Date: 2004-07-26 13:45:25
Message-ID: 87bri27uh6.fsf@asmodeus.mcnaught.org
Lists: pgsql-general

Geoff Caplan <geoff(at)variosoft(dot)com> writes:

> But in web work, you are often using GET/POST data directly in your
> SQL clauses, so the untrusted data is part of the query syntax and not
> just a value.

Can you give an example of this that isn't also an example of
obviously bad application design?

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
--T. J. Jackson, 1863
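
The distinction raised in the quoted text, as an added example that is not part of the original message: request data that fills a value position is bound as a parameter, while request data that selects a piece of query syntax (sort column, direction) is mapped through a fixed allowlist. The `products` table, the parameter names and the use of `sqlite3` in place of PostgreSQL (so the example runs offline) are assumptions.

```python
import sqlite3

# Allowlist: request-facing name -> real column identifier (hypothetical schema).
SORT_COLUMNS = {"name": "name", "price": "price", "added": "added_on"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_product_query(params):
    """Return (sql, bind_values) for a product listing driven by request params."""
    # Syntax positions: placeholders cannot stand in for identifiers or
    # keywords, so look them up in a fixed map and reject anything else.
    try:
        column = SORT_COLUMNS[params.get("sort", "name")]
        direction = SORT_DIRECTIONS[params.get("dir", "asc").lower()]
    except KeyError:
        raise ValueError("unsupported sort option")
    # Value positions: always bound, never concatenated into the string.
    sql = ("SELECT name, price FROM products WHERE category = ? "
           f"ORDER BY {column} {direction} LIMIT ?")
    limit = min(max(int(params.get("limit", 10)), 1), 100)
    return sql, (params.get("category", ""), limit)


def list_products(conn, params):
    sql, values = build_product_query(params)
    return conn.execute(sql, values).fetchall()


def demo_connection():
    """In-memory table filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products "
                 "(name TEXT, price REAL, category TEXT, added_on TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", [
        ("anvil", 40.0, "tools", "2004-07-01"),
        ("chisel", 9.5, "tools", "2004-07-20"),
        ("o'brien's glue", 3.0, "tools", "2004-06-11"),
        ("teapot", 12.0, "kitchen", "2004-05-02"),
    ])
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(list_products(conn, {"category": "tools", "sort": "price", "dir": "desc"}))
```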
