Re: [SECURITY] DoS attack on backend possible (was: Re:

Alvar Freude <alvar@a-blast.org>

From: Alvar Freude <alvar@a-blast.org>
To: ngpg@grymmjack.com, pgsql-hackers@postgresql.org
Date: 2002-08-18T11:55:21Z
Lists: pgsql-hackers
Hi,

-- ngpg@grymmjack.com wrote:

>  What about checking the input for backslash, quote, 
> and double quote (\'")?  If you are not taking care of those in input
> then  crashing the backend is going to be the least of your worries. 

with Perl and *using placeholders and bind values*, the application
developer has not to worry about this. So, usually I don't check the
values in my applications (e.g. if only values between 1 and 5 are
allowed and under normal circumstances only these are possible), it's the
task of the database (check constraint). 


Ciao
  Alvar


-- 
** ODEM ist für den poldi Award nominiert! http://www.poldiaward.de/
** http://www.poldiaward.de/index.php?display=detail&cat=audi&item=24
** http://odem.org/
** Mehr Projekte: http://alvar.a-blast.org/