Re: Protection from SQL injection

From Thomas Mueller
Subject Re: Protection from SQL injection
Date
Msg-id 5f211bd50804270008l326acd69ia4b845e651992cfc@mail.gmail.com
In reply to Re: Protection from SQL injection  ("Jaime Casanova" <systemguards@gmail.com>)
List pgsql-sql
Hi,

>  but can't the developer allow literals again?

Executing the statement SET ALLOW_LITERALS should be restricted. The
application uses another user name / password and doesn't have the
access rights to enable it. Maybe the user name / password is
configured using JNDI, so the application developer has no influence
on that. In any case, even if the developer can enable literals, I
don't think he would, because he would be afraid to be caught
cheating.

Regards,
Thomas

