[Seaside] Avoiding SQL injections with squeak / seaside / mysqldriver
Avi Bryant
avi.bryant at gmail.com
Thu Oct 19 16:57:08 UTC 2006
If you were using Postgres, I might suggest that you use the ROE
library, which abstracts the SQL generation so that you're never
doing any concatenation of any kind. However, it relies heavily on
sub-selects, so it doesn't play nicely with MySQL.
Avi
On Oct 19, 2006, at 9:51 AM, Boris Popov wrote:
> One thing you should do is make sure you never construct SQL by
> concatenation, but rather always use bound values (if Squeak's db
> interface supports them, of course).
>
> Cheers,
>
> -Boris
>
> --
> +1.604.689.0322
> DeepCove Labs Ltd.
> 4th floor 595 Howe Street
> Vancouver, Canada V6C 2T5
>
> boris at deepcovelabs.com
>
> -----Original Message-----
> From: seaside-bounces at lists.squeakfoundation.org
> [mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of
> Vincent Girard-Reydet
> Sent: Thursday, October 19, 2006 9:46 AM
> To: seaside at lists.squeakfoundation.org
> Subject: [Seaside] Avoiding SQL injections with squeak / seaside / mysqldriver
>
> Hello,
>
> I hope this is the right place to ask the question.
> I'm using squeak / seaside and the mysql driver to implement a web site
> with database support.
>
> I wish to avoid SQL injections from user input.
>
> Does anyone know if there is something already in Squeak to do this
> (namely escaping quotes in user input) ?
>
> Thanks a lot.
>
> Vincent Girard-Reydet
> _______________________________________________
> Seaside mailing list
> Seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
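The thread's point that bound values, not quote escaping, are what stop SQL injection, as an added example that is not code from the thread or from the Squeak MySQL driver. It uses Python's sqlite3 module as a stand-in for the driver (the driver's bound-value API is assumed to behave the same way), and the `users` rows are constructed sample data.

```python
import sqlite3

# Constructed sample data standing in for the site's user table.
ROWS = [(1, "alice", "alice@example.org"),
        (2, "bob", "bob@example.org"),
        (3, "o'brien", "obrien@example.org")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn

def emails_concat(conn, name):
    # Vulnerable: the input becomes part of the SQL text, so a quote in it
    # ends the literal and whatever follows is parsed as SQL. It also
    # breaks on a legitimate name containing an apostrophe.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [r[0] for r in conn.execute(sql)]

def emails_escaped(conn, name):
    # The "escape the quotes" approach from the question: doubling quotes
    # keeps the literal intact, but every call site must remember to do it.
    sql = "SELECT email FROM users WHERE name = '" + name.replace("'", "''") + "'"
    return [r[0] for r in conn.execute(sql)]

def email_by_id_escaped(conn, id_text):
    # The same escaping applied to an unquoted numeric position: quotes are
    # irrelevant here, so escaping them protects nothing at all.
    sql = "SELECT email FROM users WHERE id = " + id_text.replace("'", "''")
    return [r[0] for r in conn.execute(sql)]

def emails_bound(conn, name):
    # Bound value, as Boris recommends: the SQL text and the value travel
    # separately, so the value is never parsed as SQL, whatever it contains.
    sql = "SELECT email FROM users WHERE name = ?"
    return [r[0] for r in conn.execute(sql, (name,))]

def email_by_id_bound(conn, id_value):
    # Binding also covers the numeric position that escaping cannot.
    sql = "SELECT email FROM users WHERE id = ?"
    return [r[0] for r in conn.execute(sql, (id_value,))]

if __name__ == "__main__":
    db = make_db()
    print("bound, apostrophe name:", emails_bound(db, "o'brien"))
    print("bound, tampered name  :", emails_bound(db, "x' OR '1'='1"))
    print("concat, tampered name :", emails_concat(db, "x' OR '1'='1"))
```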