[PD] [psql] object hand-holding

Hans-Christoph Steiner hans at eds.org
Mon Dec 10 22:04:59 CET 2007

On Dec 10, 2007, at 1:43 PM, Mike McGonagle wrote:

> On 12/10/07, Mathieu Bouchard <matju at artengine.ca> wrote:
> On Mon, 10 Dec 2007, Mike McGonagle wrote:
> > Could someone please explain that IMPORTANCE of worrying about SQL
> > injection? Just how would it effect users of PD?
> We don't know what pd users will do with [psql]. Do you?
> I guess what I am getting at is that I don't see how we can prevent  
> people from using this maliciously. If they are creating the SQL  
> and putting the data into it, how can we stop them from being  
> idiots? Are you saying that we need to do data checking prior to  
> the data being sent to the server? Or maybe I am not understanding  
> what you are getting at...

Using the placeholder stuff will stop SQL injection attacks.  The  
interfaces we've discussed shouldn't make a difference in terms of  
security as long as the placeholder stuff is properly implemented.



Terrorism is not an enemy.  It cannot be defeated.  It's a tactic.   
It's about as sensible to say we declare war on night attacks and  
expect we're going to win that war.  We're not going to win the war  
on terrorism.        - retired U.S. Army general, William Odom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20071210/b70abe33/attachment.htm>

More information about the Pd-list mailing list