Brian Aker wrote:
> Hi!
> 
> Its been possible to do the following via the protocol:
> 
> select 1; select 1;
> 
> And send them in the same packet. What is the problem?
> 
> SQL injection.
> 
> It makes it really simple for someone to pack in a new SQL statement by
> accident.
> 
> I am thinking we should header the protocol so that each statement is in
> its own envelope. You can still send multiple SQL statements in the same
> packet, but not via a simple delimiter.
> 
> And while we are at it remove the delimiter command and make sure all of
> its logic is in the client, not the server.

YES!!! The delimiter thing is quite remarkably dumb.

Monty

_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help   : https://help.launchpad.net/ListHelp

Reply via email to