Re: [SECURITY] DoS attack on backend possible (was: Re:
Alvar Freude <alvar@a-blast.org>
From: Alvar Freude <alvar@a-blast.org>
To: ngpg@grymmjack.com, pgsql-hackers@postgresql.org
Date: 2002-08-18T11:55:21Z
Lists: pgsql-hackers
Hi, -- ngpg@grymmjack.com wrote: > What about checking the input for backslash, quote, > and double quote (\'")? If you are not taking care of those in input > then crashing the backend is going to be the least of your worries. with Perl and *using placeholders and bind values*, the application developer has not to worry about this. So, usually I don't check the values in my applications (e.g. if only values between 1 and 5 are allowed and under normal circumstances only these are possible), it's the task of the database (check constraint). Ciao Alvar -- ** ODEM ist für den poldi Award nominiert! http://www.poldiaward.de/ ** http://www.poldiaward.de/index.php?display=detail&cat=audi&item=24 ** http://odem.org/ ** Mehr Projekte: http://alvar.a-blast.org/