On Wed, Dec 17, 2008 at 11:32 AM, Travis Veazey wrote:
> if you have a database you risk
> being exposed to SQL injection attacks if you do not harden your app against
> them.
This is actually two statements:
1. If you have a SQL database, you run some theoretical risk of SQL
injection attacks
On Wed, 2008-12-17 at 08:11 -0900, Travis Veazey wrote:
[...]
> I've tried searching the Django documentation, but "SQL injection"
> turns up nothing, and "escaping input" only produces results related
> to auto-escaping output in templates.
Karen has already pointed you to one piece of backgro
Karen,
Thanks! That's exactly what I was looking for!
Kenneth,
You may want to check out that link Karen provided. Nothing in my original
e-mail, except the implication that I know how to secure a PHP web app and
am asking for help securing a Django one, is limited to PHP - SQL injection
is an at
On Wed, Dec 17, 2008 at 12:11 PM, Travis Veazey wrote:
> [snip] I've tried searching the Django documentation, but "SQL injection"
> turns up nothing, and "escaping input" only produces results related to
> auto-escaping output in templates.
>
It may not be in the docs, but there's a whole chapte
On Wednesday 17 Dec 2008 10:41:02 pm Travis Veazey wrote:
> If the Django models don't do their own escaping, how can I escape user
> input to prevent SQL injection attacks?
python !== php
--
regards
KG
http://lawgon.livejournal.com