Eliminating the problem
Posted Jun 1, 2006 8:28 UTC (Thu) by ncm
Parent article: SQL injection vulnerabilities in PostgreSQL
Most injection holes are a result of trying to scrub user input by trying to escape characters from a list of troublemakers (or, worse, not bothering). If, instead, programs would discard (or, if necessary, escape) all characters *except* those in a known-good list, most of the subtleties would vanish. It's much better to eliminate a problem than to patch around it.
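The allow-list approach the comment recommends, as an added example that is not part of the original comment or of PostgreSQL itself: the known-good character set, the "discard" and "reject" variants, and the input then passed to the database as a bound parameter rather than spliced into the query text. The username policy (ASCII letters, digits and underscore, starting with a letter, at most 32 characters) and the tiny SQLite schema are assumptions constructed for the example.

```python
import re
import sqlite3
import string

# Known-good list for a username field. Hypothetical policy chosen for this example:
# must start with a letter, then letters/digits/underscore, 1..32 characters total.
ALLOWED_USERNAME = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}")
ALLOWED_CHARS = frozenset(string.ascii_letters + string.digits + "_")


def validate_username(value: str) -> str:
    """Reject the input unless every character is on the known-good list.

    Rejecting (rather than silently altering) keeps the value the caller
    supplied and the value that reaches the database identical.
    """
    if not ALLOWED_USERNAME.fullmatch(value):
        raise ValueError("username contains characters outside the allowed set")
    return value


def strip_to_allowlist(value: str) -> str:
    """Discard every character that is not on the known-good list.

    This is the 'discard' option from the comment. Note that it changes the
    value (e.g. "bob;--" becomes "bob"), so it suits free-text fields better
    than identifiers that must round-trip exactly.
    """
    return "".join(ch for ch in value if ch in ALLOWED_CHARS)


def blocklist_escape(value: str) -> str:
    """The fragile approach the comment argues against, shown only for contrast:
    escape one known troublemaker and hope the list is complete."""
    return value.replace("'", "''")


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory database with two sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def lookup_user(conn: sqlite3.Connection, username: str):
    """Validate against the allow-list, then bind the value as a parameter.

    Even after validation the value never becomes part of the SQL text; the
    driver sends it separately, so the allow-list is defence in depth rather
    than the only barrier.
    """
    validate_username(username)
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (username,)
    ).fetchone()


if __name__ == "__main__":
    db = make_demo_db()
    print(lookup_user(db, "alice"))
    print(strip_to_allowlist("al'ice; --"))
    for bad in ("al'ice", "bob;--", "1abc"):
        try:
            validate_username(bad)
        except ValueError as exc:
            print(f"{bad!r}: rejected ({exc})")
```

The contrast to notice is that `blocklist_escape` only ever knows about the characters someone remembered to list, whereas `validate_username` and `strip_to_allowlist` treat everything not explicitly permitted as hostile, which is the inversion the comment describes. The remaining caveat is that an allow-list on its own is a character-level filter, so the bound parameter in `lookup_user` is still what keeps data and query text apart.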