From: Robert Klemme
Newsgroups: comp.databases.postgresql
Subject: Re: is it security 101 to have all web apps use only stored procedures to get data?
Date: Thu, 12 Sep 2013 23:20:25 +0200
Message-ID:
References: <5cb77a84-9d58-4d05-8837-990f10f79512@googlegroups.com>
In-Reply-To:
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 12.09.2013 21:56, Mario Splivalo wrote:
> On 2013-08-17, Jasen Betts wrote:
>> On 2013-08-16, johannes falcone wrote:
>>> is it security 101 to have all web apps use only
>>> stored procedures to get data?
>>
>> No, that's just one way, and
>> it isn't necessarily foolproof.
>
> It can help greatly in preventing SQLi attacks.

Bind variables do so as well.

robert

--
remember.guy do |as, often|
  as.you_can - without end
http://blog.rubybestpractices.com/
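The point Robert makes, that bind variables (parameterized queries) prevent SQL injection just as stored procedures can, is easiest to see with the two query styles side by side. The following is an added example, not code from anyone in the thread. It assumes an in-memory SQLite database via Python's standard sqlite3 module so it runs offline; the `execute(sql, params)` shape is the Python DB-API one that PostgreSQL drivers such as psycopg2 also expose (with `%s` placeholders instead of `?`), and the table contents and the hostile input are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite database stands in for
# PostgreSQL so the example runs offline. The DB-API execute(sql, params)
# call used below has the same shape in psycopg2 for PostgreSQL (with %s
# placeholders instead of ?); that correspondence is an assumption of this
# example, not something stated in the thread.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_concatenated(conn, name):
    # Vulnerable: the caller-supplied value is spliced into the SQL text,
    # so a quote character in it changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    # Safe: the value travels as a bind variable. The parser only ever sees
    # a fixed statement with one placeholder; the driver hands the value
    # over separately, so it can only be compared as data, never parsed.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed input containing a quote, the classic textbook illustration
# of why string concatenation is unsafe.
HOSTILE_NAME = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, "alice"))       # ['alice']
    print(lookup_concatenated(db, HOSTILE_NAME))  # every user: the WHERE clause was rewritten
    print(lookup_bound(db, HOSTILE_NAME))         # []: nobody is literally named that
```

The concatenated version returns every row for the hostile input because the quote closed the string literal and the rest became part of the predicate; the bound version returns nothing because the whole input was compared as a single string value. This is the same separation of code from data that a stored procedure with typed parameters gives you, which is why either technique blocks this class of attack, and why the "only stored procedures" rule is one option rather than a requirement.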