Home > mailing lists

Limit on number of queries from CGI or PHP (security) - Mailing list pgsql-general

From	Rikul Patel
Subject	Limit on number of queries from CGI or PHP (security)
Date	October 17, 2000 04:00:43
Msg-id	20001017080031.19989.qmail@web3403.mail.yahoo.com Whole thread Raw
Responses	Re: Limit on number of queries from CGI or PHP (security) Re: Limit on number of queries from CGI or PHP (security) Re: Limit on number of queries from CGI or PHP (security)
List	pgsql-general

Tree view

Hi,

Is there any way I can restrict number of queries to
only one? Here's the problem:

If PHP script gets some data as input from user, and
PHP scripts tries to put this data into Postgresql,
what's keeping the user to modify the data in way to
have postgresql execute two queries.

So instead of some PHP script generating query like
"select * from table where text='some text' or id=1",
some malicious user could make it generate "select *
from table where text='some text' or id=1;delete from
table"

Thanks,
Rikul

__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/

pgsql-general by date:

From: "Makiko Kudo"
Date: 17 October 2000, 01:29:55
Subject: temporary table size

From: Colin Taylor
Date: 17 October 2000, 04:18:20
Subject: Getting DateStyle Using C++ Library

Limit on number of queries from CGI or PHP (security) - Mailing list pgsql-general

Previous

Next