Doesn't that require the SQL parser to understand semi-colons? GQL does not.
-- 
Ikai Lan
Developer Programs Engineer, Google App Engine
Blogger: http://googleappengine.blogspot.com
Reddit: http://www.reddit.com/r/appengine
Twitter: http://twitter.com/app_engine

On Fri, Nov 26, 2010 at 6:41 AM, Barry Hunter <[email protected]> wrote:

> Even read-only SQL injection has its 'uses'. I.e. it can be used to
> exploit 'SELECT's.
>
> For example, in some systems, depending on how login is implemented
> it's possible to use SQL injection to login as an admin user - to pick
> one possible use.
>
> On 26 November 2010 13:38, Tim Hoffman <[email protected]> wrote:
> > GQL is read only, so you can't inject anything if you're using GQL, or
> > for that matter Query objects.
> >
> > T
> >
> > On Nov 26, 8:37 pm, pdknsk <[email protected]> wrote:
> >> And by clarify I mean verify.

-- 
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
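The point raised in the thread, that a single read-only SELECT can be altered without any semicolon, shown as an added example that is not part of the original messages. It assumes Python's `sqlite3` as a stand-in for a SQL-style login lookup (it is not GQL); the table, function names and sample credentials are constructed for illustration.

```python
import hashlib
import sqlite3


def h(password):
    # SHA-256 keeps the sample short; real systems use a slow password hash.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    # Constructed sample data, not taken from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", h("constructed-admin-pw"), 1),
         ("alice", h("constructed-alice-pw"), 0)],
    )
    return db


def login_concat(db, name, password):
    # Weak form: input is spliced into the query text, so it can change
    # the WHERE clause of this single SELECT.
    query = ("SELECT name, is_admin FROM users "
             "WHERE name = '%s' AND pw_hash = '%s'" % (name, h(password)))
    return db.execute(query).fetchone()


def login_bound(db, name, password):
    # Corrected form: values are bound as parameters and never parsed as SQL.
    query = "SELECT name, is_admin FROM users WHERE name = ? AND pw_hash = ?"
    return db.execute(query, (name, h(password))).fetchone()


# Constructed input: no semicolon and no second statement, only a quote
# and a comment marker that cuts the password check out of the SELECT.
CRAFTED_NAME = "admin' --"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", login_concat(db, CRAFTED_NAME, "wrong"))
    print("bound:       ", login_bound(db, CRAFTED_NAME, "wrong"))
    print("bound, valid:", login_bound(db, "admin", "constructed-admin-pw"))
```

The same input returns the admin row from the concatenated query and nothing from the bound one, which is why binding matters even when the query language cannot write.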
