Re: Cuirass news
From: Danny Milosavljevic
Subject: Re: Cuirass news
Date: Fri, 26 Jan 2018 15:30:05 +0100
Hi Ludo,
I saw that (cuirass database) has some problems with SQL injection.
I defused it a little, see attached patch.
The idea is that sqlite-exec uses sqlite-bind to pass arguments
rather than formatting them on its own.
While we are at it, we can also reuse prepared statements (using the
sqltext as key to find the right one).
I also monitor sqlite accesses now - maybe that's overkill (see "with-mutex").
0001-database-Make-sqlite-exec-reuse-the-prepared-stateme.patch
Description: Text Data
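
The difference between formatting arguments into the SQL text and binding them, as an added example that is not part of the original message or of the attached patch. It uses Python's `sqlite3` module rather than Guile; the `jobs` table, the function names and the sample values are hypothetical and constructed for illustration.

```python
import sqlite3
import threading

_db_lock = threading.Lock()  # serialises database access, like "with-mutex" in the mail


def open_db():
    # check_same_thread=False: our own lock, not the module, guards cross-thread use.
    db = sqlite3.connect(":memory:", check_same_thread=False)
    db.execute("CREATE TABLE jobs (name TEXT, status TEXT)")  # hypothetical schema
    return db


def exec_formatted(db, template, *args):
    """'Before': arguments are spliced into the SQL text, so SQLite parses them as SQL."""
    with _db_lock:
        return db.execute(template % args).fetchall()


def exec_bound(db, sql, *args):
    """'After': the SQL text stays constant and arguments travel as bound values.

    Because the text never changes, it can serve as the lookup key for an
    already prepared statement (sqlite3 keeps such a cache internally).
    """
    with _db_lock:
        return db.execute(sql, args).fetchall()


def demo():
    db = open_db()
    for name in ("guix", "cuirass"):
        exec_bound(db, "INSERT INTO jobs VALUES (?, ?)", name, "ok")

    hostile = "nope' OR '1'='1"  # constructed input that closes the quote early
    leaked = exec_formatted(db, "SELECT name FROM jobs WHERE name = '%s'", hostile)
    safe = exec_bound(db, "SELECT name FROM jobs WHERE name = ?", hostile)

    # A legitimate value containing an apostrophe breaks the formatted form outright.
    try:
        exec_formatted(db, "INSERT INTO jobs VALUES ('%s', '%s')", "o'neil", "ok")
        broke = False
    except sqlite3.OperationalError:
        broke = True
    exec_bound(db, "INSERT INTO jobs VALUES (?, ?)", "o'neil", "ok")
    stored = exec_bound(db, "SELECT name FROM jobs WHERE name = ?", "o'neil")
    return leaked, safe, broke, stored


if __name__ == "__main__":
    print(demo())
```

With the formatted form the constructed value rewrites the `WHERE` clause and every row comes back; with the bound form the same value is compared as plain data and matches nothing.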