[PD] [psql] object hand-holding

Mathieu Bouchard matju at artengine.ca
Sat Dec 22 05:28:17 CET 2007


On Fri, 21 Dec 2007, Mike McGonagle wrote:

> Well, this is one of those reasons why I am starting with using SQLite, I
> think it would be much easier than working with a networked database. And if
> someone is being 'dishonest', then they are only affecting themselves.

When we're talking about networking vs databases, it's not about the 
database connection being over TCP. We're talking about input that comes 
from non-trusted people and goes to a patch made by trusted people. It 
doesn't matter much whether the DB engine is just a library or also a 
daemon.

>>> While we can try to protect against various things, those that want to
>>> be malicious will do so anyway.
>> This is not true. Every step is important in making it more difficult for
>> abuse to happen.
> Well, if we are allowing these people to construct their own SQL and they
> are building their own stuff, just how can we stop them from being
> malicious? I mean, the only real way to stop this completely, is to not
> produce a network version of this, and only deal with standalone.

I'm not going to continue talking about this topic. I wish you good luck.

  _ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada
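
The point in the message above, that untrusted input reaching trusted SQL is the issue whether the engine is a library or a daemon, shown as an added example that is not part of the original thread: an in-process SQLite database queried with concatenated text and with a bound parameter. It goes one step further and uses SQLite's authorizer hook as an extra layer for user-written SQL; the table names, rows and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed schema and rows for illustration only.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE notes(id INTEGER PRIMARY KEY, owner TEXT, body TEXT);
        CREATE TABLE secrets(k TEXT, v TEXT);
        INSERT INTO notes(owner, body) VALUES ('alice', 'hello'), ('bob', 'world');
        INSERT INTO secrets VALUES ('token', 'constructed-value');
    """)
    return db

def lookup_concat(db, owner):
    # Weak: untrusted text becomes part of the SQL statement itself.
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, owner):
    # Hardened: the value is bound as data and is never parsed as SQL.
    return db.execute("SELECT body FROM notes WHERE owner = ?", (owner,)).fetchall()

def restrict_to_notes(db):
    # Extra layer for SQL text written by untrusted users:
    # permit SELECT statements that read the notes table, deny everything else.
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "notes":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    db.set_authorizer(authorizer)

def run_untrusted(db, sql):
    # Returns rows, or a string describing why SQLite refused the statement.
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "refused: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(lookup_concat(db, crafted))
    print(lookup_bound(db, crafted))
    restrict_to_notes(db)
    print(run_untrusted(db, "SELECT body FROM notes"))
    print(run_untrusted(db, "SELECT v FROM secrets"))
    print(run_untrusted(db, "DELETE FROM notes"))
```

The authorizer is consulted when a statement is compiled, so a refused statement never runs.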

