Brian Aker wrote: > Hi! > > Its been possible to do the following via the protocol: > > select 1; select 1; > > And send them in the same packet. What is the problem? > > SQL injection. > > It makes it really simple for someone to pack in a new SQL statement by > accident. > > I am thinking we should header the protocol so that each statement is in > its own envelope. You can still send multiple SQL statements in the same > packet, but not via a simple delimiter. > > And while we are at it remove the delimiter command and make sure all of > its logic is in the client, not the server.
YES!!! The delimiter thing is quite remarkably dumb. Monty _______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp

