[EMAIL PROTECTED] (Florian Weimer) writes:
> * Thomas Mueller:
>
>> What do you think about it? Do you think it makes sense to implement
>> this security feature in PostgreSQL as well?
>
> Can't this be implemented in the client library, or a wrapper around it?
> A simple approximation would be to raise an error when you encounter a
> query string that isn't contained in some special configuration file.

This could be implemented in a client library, but that means that
you're still entirely as vulnerable; any client that chooses not to
use that library won't be protected. It would be a mighty attractive
thing to have something at the server level to protect against the
problem.
--
let name="cbbrowne" and tld="linuxfinances.info" in String.concat "@" [name;tld];;
http://linuxdatabases.info/info/lsf.html
If you add a couple of i's to Microsoft's stock ticker symbol, you get
'misfit'. This is, of course, not a coincidence.

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
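
Added example, not part of the original thread: a sketch of the client-side wrapper suggested in the quoted text, together with the limitation raised in the reply. It assumes "the problem" is query text assembled from untrusted input, uses Python's `sqlite3` as an offline stand-in for a PostgreSQL client library, and the names `AllowListConnection`, `QueryNotAllowed` and `ALLOWED_QUERIES` are hypothetical.

```python
import sqlite3

# Constructed allow-list; in the setup described above this would be loaded
# from a configuration file. Entries are exact query strings with placeholders.
ALLOWED_QUERIES = frozenset({
    "SELECT id, name FROM users WHERE name = ?",
    "INSERT INTO users (name) VALUES (?)",
})


class QueryNotAllowed(Exception):
    """Raised when a query string is not on the allow-list."""


class AllowListConnection:
    """Hypothetical wrapper that forwards only allow-listed query strings."""

    def __init__(self, conn, allowed):
        self._conn = conn
        self._allowed = allowed

    def execute(self, sql, params=()):
        # Exact string match: text spliced into the SQL changes the string and
        # fails the lookup, so values can only travel as bound parameters.
        if sql not in self._allowed:
            raise QueryNotAllowed(sql)
        return self._conn.execute(sql, params)


def demo():
    raw = sqlite3.connect(":memory:")
    raw.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db = AllowListConnection(raw, ALLOWED_QUERIES)
    db.execute("INSERT INTO users (name) VALUES (?)", ("alice",))
    db.execute("INSERT INTO users (name) VALUES (?)", ("bob",))

    untrusted = "x' OR '1'='1"  # constructed sample input
    concatenated = "SELECT id, name FROM users WHERE name = '" + untrusted + "'"
    # Allow-listed and parameterised: the input is compared as data only.
    safe_rows = db.execute(
        "SELECT id, name FROM users WHERE name = ?", (untrusted,)).fetchall()
    try:
        db.execute(concatenated)  # not on the list, so the wrapper refuses it
        blocked = False
    except QueryNotAllowed:
        blocked = True
    # A client that skips the wrapper runs the same string unchecked, which is
    # the reply's argument for enforcing the check at the server.
    bypass_rows = raw.execute(concatenated).fetchall()
    return safe_rows, blocked, bypass_rows
```
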