| From: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk> |
|---|---|
| To: | Sir Mordred The Traitor <mordred(at)s-mail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Little note to php coders |
| Date: | 2002-10-08 10:11:17 |
| Message-ID: | Pine.LNX.4.21.0210081106380.3248-100000@ponder.fairway2k.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 8 Oct 2002, Sir Mordred The Traitor wrote:
> Check out this link, if you need something to laugh at:
> http://www.postgresql.org/idocs/index.php?1'
>
> Keeping in mind, that there are bunch of overflows in PostgreSQL(really?),
> it is
> very dangerous i guess. Right?
I'm not sure what list this really fits onto so I've left as hackers.
The old argument about data validation and whose job it is. However, is there a
reason why all CGI parameters aren't scanned and rejected if they contain
any punctuation. I was going to say if they contain anything non alphanumeric
but then I'm not sure about internationalisation and that test.
--
Nigel J. Andrews
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vince Vielhaber | 2002-10-08 10:34:39 | Re: Little note to php coders |
| Previous Message | Sir Mordred The Traitor | 2002-10-08 09:58:34 | Little note to php coders |