Re: is it security 101 to have all web apps use only stored procedures to get data?

From Robert Klemme <shortcutter@googlemail.com>
Newsgroups comp.databases.postgresql
Subject Re: is it security 101 to have all web apps use only stored procedures to get data?
Date 2013-09-12 23:20 +0200
Message-ID <b9eph2FrjdaU1@mid.individual.net> (permalink)
References <5cb77a84-9d58-4d05-8837-990f10f79512@googlegroups.com> <kunrcg$q2l$1@gonzo.reversiblemaps.ath.cx> <slrnl34733.flr.majk@fly.srk.fer.hr>


On 12.09.2013 21:56, Mario Splivalo wrote:
> On 2013-08-17, Jasen Betts <jasen@xnet.co.nz> wrote:
>> On 2013-08-16, johannes falcone <visphatesjava@gmail.com> wrote:
>>> is it security 101 to have all web apps use only
>>> stored procedures to get data?
>>
>> No, that's just one way, and
> >> it isn't necessarily foolproof.
>
> It can help greatly in preventing SQLi attacks.

Bind variables do so as well.

	robert


-- 
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/
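
Added example, not part of the original post or thread: a PostgreSQL sketch of the two points made above, that a stored procedure is not automatically safe and that bind variables stop injection with or without one. The table, the function names and the sample input are hypothetical and constructed for illustration.

```sql
-- Constructed sample table and rows (hypothetical, not from the thread).
CREATE TABLE app_user (login text PRIMARY KEY, email text NOT NULL);
INSERT INTO app_user VALUES
    ('alice', 'alice@example.org'),
    ('bob',   'bob@example.org');

-- A stored function that is still injectable: the argument is concatenated
-- into the statement text, so the server parses it as SQL.
CREATE FUNCTION find_user_concat(p_login text)
RETURNS SETOF app_user
LANGUAGE plpgsql AS $$
BEGIN
    RETURN QUERY EXECUTE
        'SELECT * FROM app_user WHERE login = ''' || p_login || '''';
END;
$$;

-- The same lookup with a bind variable: $1 is supplied through USING and is
-- only ever treated as a value, never as statement text.
CREATE FUNCTION find_user_bound(p_login text)
RETURNS SETOF app_user
LANGUAGE plpgsql AS $$
BEGIN
    RETURN QUERY EXECUTE
        'SELECT * FROM app_user WHERE login = $1' USING p_login;
END;
$$;

-- Bind variables without any stored procedure: a prepared statement.
PREPARE user_by_login(text) AS
    SELECT * FROM app_user WHERE login = $1;

-- Constructed hostile input: a closing quote followed by a tautology.
-- In find_user_concat the quote ends the string literal and the rest is
-- parsed as SQL, so the WHERE clause is true for every row.
SELECT * FROM find_user_concat('x'' OR ''1''=''1');

-- In the two bound forms the whole input is compared with login as one
-- string, and no row has that login.
SELECT * FROM find_user_bound('x'' OR ''1''=''1');
EXECUTE user_by_login('x'' OR ''1''=''1');
```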


Thread

is it security 101 to have all web apps use only stored procedures to get data? johannes falcone <visphatesjava@gmail.com> - 2013-08-15 21:10 -0700
  Re: is it security 101 to have all web apps use only stored procedures to get data? Jasen Betts <jasen@xnet.co.nz> - 2013-08-17 12:47 +0000
    Re: is it security 101 to have all web apps use only stored procedures to get data? Mario Splivalo <majk@fly.srk.fer.hr> - 2013-09-12 19:56 +0000
      Re: is it security 101 to have all web apps use only stored procedures to get data? Robert Klemme <shortcutter@googlemail.com> - 2013-09-12 23:20 +0200