From: | "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> |
---|---|
To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "Thomas Kellerer" <spam_eater(at)gmx(dot)net>, pgsql-sql(at)postgresql(dot)org |
Subject: | Re: Protection from SQL injection |
Date: | 2008-04-27 05:24:59 |
Message-ID: | dcc563d10804262224l431f0ae3t6c75af94a1ef3876@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-sql |
On Sat, Apr 26, 2008 at 9:58 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> IIRC there was some discussion recently of providing a mode in which
> the server would reject PQexec strings containing more than one query.
> I didn't care for it much at the time, but I think it would provide
> most of the benefit of these suggestions with far less compatibility
> or performance hit.
agreed.
And I trust (SQL) code review more than tying the hands of the programmers.
But I've always had the luxury of working with developers who liked me
as a DBA and were willing to do things my way, as far as the DB was
concerned anyway...
From | Date | Subject | |
---|---|---|---|
Next Message | Thomas Mueller | 2008-04-27 07:08:30 | Re: Protection from SQL injection |
Previous Message | Tom Lane | 2008-04-27 03:58:40 | Re: Protection from SQL injection |