| From | Robert Klemme <shortcutter@googlemail.com> |
|---|---|
| Newsgroups | comp.databases.postgresql |
| Subject | Re: is it security 101 to have all web apps use only stored procedures to get data? |
| Date | Thu, 12 Sep 2013 23:20:25 +0200 |
| Lines | 19 |
| Message-ID | <b9eph2FrjdaU1@mid.individual.net> (permalink) |
| References | <5cb77a84-9d58-4d05-8837-990f10f79512@googlegroups.com> <kunrcg$q2l$1@gonzo.reversiblemaps.ath.cx> <slrnl34733.flr.majk@fly.srk.fer.hr> |
On 12.09.2013 21:56, Mario Splivalo wrote:
> On 2013-08-17, Jasen Betts <jasen@xnet.co.nz> wrote:
>> On 2013-08-16, johannes falcone <visphatesjava@gmail.com> wrote:
>>> is it security 101 to have all web apps use only
>>> stored procedures to get data?
>>
>> No, that's just one way, and
>> it isn't necessarily foolproof.
>
> It can help greatly in preventing SQLi attacks.

Bind variables do so as well.

robert

--
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/
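An added example, not part of the thread and not written by any of the posters: PostgreSQL functions showing why a stored procedure on its own is not necessarily foolproof, next to the forms that bind the value instead. The `accounts` table and every function and statement name are hypothetical.

```sql
-- Added example; table, function and statement names are hypothetical.
CREATE TABLE accounts (
    id      serial PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL
);
INSERT INTO accounts (owner, balance) VALUES ('alice', 100), ('bob', 250);  -- constructed rows

-- 1. A stored function that is still injectable: the argument is concatenated
--    into dynamic SQL, so its content is parsed as SQL text.
CREATE FUNCTION balances_unsafe(p_owner text)
RETURNS SETOF accounts
LANGUAGE plpgsql AS $$
BEGIN
    RETURN QUERY EXECUTE
        'SELECT * FROM accounts WHERE owner = ''' || p_owner || '''';
END;
$$;

-- 2. The same dynamic statement with the value passed through USING:
--    the argument is bound as $1 and is only ever treated as data.
CREATE FUNCTION balances_dynamic(p_owner text)
RETURNS SETOF accounts
LANGUAGE plpgsql AS $$
BEGIN
    RETURN QUERY EXECUTE
        'SELECT * FROM accounts WHERE owner = $1' USING p_owner;
END;
$$;

-- 3. Static SQL in the function body: p_owner is bound automatically.
CREATE FUNCTION balances_static(p_owner text)
RETURNS SETOF accounts
LANGUAGE sql STABLE AS $$
    SELECT * FROM accounts WHERE owner = p_owner;
$$;

-- 4. Bind variables without any stored procedure: a prepared statement.
PREPARE balances_by_owner(text) AS
    SELECT * FROM accounts WHERE owner = $1;

-- A value containing a single quote separates the variants: forms 2 to 4
-- compare it as an ordinary string, form 1 hands it to the SQL parser.
SELECT * FROM balances_dynamic('o''brien');
SELECT * FROM balances_static('o''brien');
EXECUTE balances_by_owner('o''brien');
SELECT * FROM balances_unsafe('o''brien');
```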
is it security 101 to have all web apps use only stored procedures to get data? johannes falcone <visphatesjava@gmail.com> - 2013-08-15 21:10 -0700
Re: is it security 101 to have all web apps use only stored procedures to get data? Jasen Betts <jasen@xnet.co.nz> - 2013-08-17 12:47 +0000
Re: is it security 101 to have all web apps use only stored procedures to get data? Mario Splivalo <majk@fly.srk.fer.hr> - 2013-09-12 19:56 +0000
Re: is it security 101 to have all web apps use only stored procedures to get data? Robert Klemme <shortcutter@googlemail.com> - 2013-09-12 23:20 +0200