Thomas,
> For PostgreSQL the 'disable literals' feature would be great
> publicity: PostgreSQL would be the first only major database that has
> a good story regarding SQL injection. Yes it's not the magic silver
> bullet, but databases like MS SQL Server, Oracle or MySQL would look
> really bad.
Please don't let the debate over this break your enthusiasm for improving
PostgreSQL security. We really care about security, which is why we want
to run your proposal throught the gauntlet.
You said you've done this for H2. Isn't H2 only accessable through Java,
though? How many people are using literals in Java?
And, as of this week MSSQL already looks really bad. 300,000 worm-infected
servers, and counting!
--
--Josh
Josh Berkus
PostgreSQL @ Sun
San Francisco