From: Robert Klemme
Newsgroups: comp.databases.postgresql
Subject: Re: in general for security do you use stored procs only?
Date: Thu, 20 Jun 2013 19:21:46 +0200

On 20.06.2013 00:26, johannes falcone wrote:
> like someone logs in as the web app, and does select * from *
> sweeping through that entire database for all info?

And stored procedures help exactly how to prevent that? You probably
rather want to look up "SQL injection" with your favorite duckduckgo.

Cheers

robert

-- 
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/