Savannah.gnu.org compromised

Posted Dec 1, 2010 10:22 UTC (Wed) by dgm (subscriber, #49227)
In reply to: Savannah.gnu.org compromised by Trelane
Parent article: Savannah.gnu.org compromised

Nothing to do with SQL. The problem lies in the libraries used to send queries from your code to the server.

Those libraries should prevent any kind of constant value in the query string, and force all values through bound variables.

A pass-through should also exist, otherwise applications like a SQL expression editor or a database shell would be impossible, but they should be made so inconvenient as to prevent casual usage, and keep it for the things that really need this capability.


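A sketch of the library design the comment above describes, added here as an example; it is not part of the original comment and not the API of any real database library. `BoundOnlyConnection`, `LiteralInQuery`, `execute_unchecked_raw_sql` and its keyword argument are hypothetical names, and the check for constants is a deliberately simple lexical test over Python's `sqlite3`.

```python
import re
import sqlite3

# Simplified lexical check (an assumption of this sketch): a quote character or
# a number starting at a word boundary means a constant is embedded in the SQL.
_LITERAL = re.compile(r"""['"]|\b\d""")


class LiteralInQuery(ValueError):
    """Raised when query text carries a constant instead of a placeholder."""


class BoundOnlyConnection:
    """Hypothetical wrapper: every value must arrive as a bound variable."""

    def __init__(self, conn):
        self._conn = conn

    def execute(self, sql, params=()):
        found = _LITERAL.search(sql)
        if found:
            raise LiteralInQuery(
                f"constant at offset {found.start()}; bind it with ? or :name")
        return self._conn.execute(sql, params)

    # The pass-through: long name plus a mandatory keyword, so it never ends
    # up in application code by accident and is easy to grep for in review.
    def execute_unchecked_raw_sql(self, sql, *, i_accept_injection_risk):
        if i_accept_injection_risk is not True:
            raise TypeError("raw SQL requires i_accept_injection_risk=True")
        return self._conn.execute(sql)


def demo():
    db = BoundOnlyConnection(sqlite3.connect(":memory:"))
    db.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", 0))
    hostile = "x' OR 'a'='a"  # constructed sample input
    # Bound: the whole string is compared as data and matches no row.
    bound_rows = db.execute(
        "SELECT name FROM users WHERE name = ?", (hostile,)).fetchall()
    # Concatenated: the query text now contains quotes, so it is refused.
    try:
        db.execute("SELECT name FROM users WHERE name = '" + hostile + "'")
        rejected = False
    except LiteralInQuery:
        rejected = True
    return bound_rows, rejected


if __name__ == "__main__":
    print(demo())
```

Numeric constants such as `LIMIT 10` are refused as well and have to be written `LIMIT ?`, which is the inconvenience the design accepts in exchange for keeping all data out of the query text.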

