Re: User permissions
From | tony |
---|---|
Subject | Re: User permissions |
Date | |
Msg-id | 1016115566.18797.140.camel@vaio |
In reply to | Re: User permissions ("Lars Preben S. Arnesen" <l.p.arnesen@usit.uio.no>) |
Replies | Re: User permissions |
List | pgsql-general |
On Thu, 2002-03-14 at 14:35, Lars Preben S. Arnesen wrote:
> But what if your JSP-script lets an evil user insert sql statements
> via a form in your web application. Then the approved application on
> your own server, with the right username/password send possible nasty
> SQL to the database. Of course this requires security holes in the web
> application layer, but hey: it is holes like that in at least half of
> every dynamic web site out there. I don't think I'm any better so I
> want to use security at _all_ levels, including the database.

You have got me worried. How is "select * from password" submitted to a
database table going to execute? I mean in my applications I can submit
datatypes to rows in a table. How do I submit sql or java code that will
execute?

I know I can try to submit code via the URL but I was under the
impression that the java security folk had cleaned that one up? As for
sql code that will execute it is beyond me.

Please send me a working example offlist so that I can try it on my
current project.

Cheers

Tony

--
RedHat Linux on Sony Vaio C1XD/S
http://www.animaproductions.com/linux2.html
Macromedia UltraDev with PostgreSQL
http://www.animaproductions.com/ultra.html
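
Added example, not part of the original message or of either poster's application: it shows why form text can change a statement when the application builds SQL by string concatenation, and why the same text stays plain data when passed as a bound parameter. The `account` table, its rows, the function names and the sample form values are constructed for illustration, and an in-memory SQLite database stands in for PostgreSQL.

```python
import sqlite3

def make_db():
    """Constructed sample data; in-memory SQLite stands in for PostgreSQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (name TEXT PRIMARY KEY, note TEXT)")
    conn.executemany(
        "INSERT INTO account VALUES (?, ?)",
        [("alice", "note-a"), ("bob", "note-b"), ("O'Brien", "note-c")],
    )
    return conn

def lookup_concat(conn, name):
    """Vulnerable: form text is pasted into the statement, so the parser reads it as SQL."""
    sql = "SELECT name FROM account WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, name):
    """Hardened: the statement text is fixed; the form text travels separately as a value."""
    sql = "SELECT name FROM account WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def compare(name):
    """Run both lookups on the same form value and return what each one produced."""
    conn = make_db()
    try:
        concat = sorted(lookup_concat(conn, name))
    except sqlite3.Error as exc:
        # A stray quote in honest input already breaks the concatenated statement.
        concat = "error: " + type(exc).__name__
    return concat, sorted(lookup_bound(conn, name))

if __name__ == "__main__":
    # Constructed form values: ordinary, ordinary with an apostrophe, and
    # one whose quote ends the string literal and adds a condition.
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:
        print(repr(value), "->", compare(value))
```

The apostrophe case is the useful check on an existing code base: if a legitimate name such as `O'Brien` makes a query fail, the query is being assembled from strings and needs bound parameters.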