[PD] [psql] object hand-holding

Hans-Christoph Steiner hans at eds.org
Mon Dec 10 22:04:59 CET 2007


On Dec 10, 2007, at 1:43 PM, Mike McGonagle wrote:

>
>
> On 12/10/07, Mathieu Bouchard <matju at artengine.ca> wrote:
> On Mon, 10 Dec 2007, Mike McGonagle wrote:
>
> > Could someone please explain the IMPORTANCE of worrying about SQL
> > injection? Just how would it affect users of PD?
>
> We don't know what pd users will do with [psql]. Do you?
>
>
> I guess what I am getting at is that I don't see how we can prevent
> people from using this maliciously. If they are creating the SQL
> and putting the data into it, how can we stop them from being
> idiots? Are you saying that we need to do data checking prior to
> the data being sent to the server? Or maybe I am not understanding
> what you are getting at...

Using the placeholder stuff will stop SQL injection attacks.  The
interfaces we've discussed shouldn't make a difference in terms of
security as long as the placeholder stuff is properly implemented.

.hc


----------------------------------------------------------------------------

Terrorism is not an enemy.  It cannot be defeated.  It's a tactic.   
It's about as sensible to say we declare war on night attacks and  
expect we're going to win that war.  We're not going to win the war  
on terrorism.        - retired U.S. Army general, William Odom
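The point Hans makes above (placeholders, i.e. parameterized queries, are what stops injection, regardless of how the [psql] message interface is shaped) is illustrated by the following added example. It is not code from the thread or from the [psql] object; it uses Python's bundled sqlite3 module as a stand-in for PostgreSQL purely so it runs offline, and the table, sample names and paths are constructed for the demonstration. The same contrast applies to libpq's PQexec (string pasted together) versus PQexecParams (placeholders).

```python
import sqlite3

# Constructed sample data: a tiny in-memory table standing in for a
# PostgreSQL table that a Pd patch might query through [psql].
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE samples (name TEXT, path TEXT)")
    conn.executemany(
        "INSERT INTO samples VALUES (?, ?)",
        [("kick", "/snd/kick.wav"), ("snare", "/snd/snare.wav")],
    )
    return conn


def lookup_unsafe(conn, name):
    # The statement is assembled by pasting the caller-supplied text into
    # the SQL itself, so the database parses that text as SQL.
    sql = "SELECT path FROM samples WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_placeholder(conn, name):
    # Same query, but the value is bound to a placeholder and travels
    # separately from the statement text; it can only ever be a value.
    sql = "SELECT path FROM samples WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


if __name__ == "__main__":
    conn = make_db()
    for name in ("kick", "x' OR 'a'='a", "rock'n'roll"):
        print("input:", repr(name))
        try:
            print("  pasted     :", lookup_unsafe(conn, name))
        except sqlite3.OperationalError as err:
            print("  pasted     : SQL error:", err)
        print("  placeholder:", lookup_placeholder(conn, name))
```

With the pasted version, the second input widens the WHERE clause and returns every row, and the third (a perfectly legitimate name containing apostrophes) is a syntax error; with the placeholder version both are simply names that match nothing. Escaping by hand only addresses the second case and tends to go wrong; binding addresses both.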

