Hi!
Its been possible to do the following via the protocol:
select 1; select 1;
And send them in the same packet. What is the problem?
SQL injection.
It makes it really simple for someone to pack in a new SQL statement
by accident.
I am thinking we should header the protocol so that each statement is
in its own envelope. You can still send multiple SQL statements in the
same packet, but not via a simple delimiter.
And while we are at it remove the delimiter command and make sure all
of its logic is in the client, not the server.
Cheers,
-Brian
--
_______________________________________________________
Brian "Krow" Aker, brian at tangent.org
Seattle, Washington
http://krow.net/ <-- Me
http://tangent.org/ <-- Software
_______________________________________________________
You can't grep a dead tree.
_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help : https://help.launchpad.net/ListHelp