Thomas, > For PostgreSQL the 'disable literals' feature would be great > publicity: PostgreSQL would be the first only major database that has > a good story regarding SQL injection. Yes it's not the magic silver > bullet, but databases like MS SQL Server, Oracle or MySQL would look > really bad.
Please don't let the debate over this break your enthusiasm for improving PostgreSQL security. We really care about security, which is why we want to run your proposal throught the gauntlet. You said you've done this for H2. Isn't H2 only accessable through Java, though? How many people are using literals in Java? And, as of this week MSSQL already looks really bad. 300,000 worm-infected servers, and counting! -- --Josh Josh Berkus PostgreSQL @ Sun San Francisco -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
