Hi Micha,

> If we think so, then we have two options:
>
> 1. Enable the escape mode of SQL LIKE and check all values very carefully.
>
> 2. Distinguish between like and equal (and relax about certificate search).
>

Definitely go for 2!

If I sum up the last posts and private discussions, the escaping differs between the dbrms and partially even depends on version or config options. I guess it's nearly impossible to reliably detect and cover all of them. As you wrote, we really use/need LIKE only in the certificate search via the frontends and sanitizing the input here should be a doable task.

Oliver

-- 
Protect your environment - close windows and adopt a penguin!
PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF 8168 CAB7 B0DD 3985 1721
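
Added example, not part of the original message and not OpenXPKI code: option 2 illustrated in Python with sqlite3, where only the search path uses LIKE and its input is checked against an allowlist instead of being escaped. The table, column names, the `*` wildcard and all function names are assumptions made for this illustration.

```python
import re
import sqlite3

# Assumption: "*" is the only wildcard the search form offers. SQL's own
# wildcards (% and _) and the backslash are refused rather than escaped, so
# the query never relies on DBMS-specific ESCAPE behaviour.
_TERM = re.compile(r"[A-Za-z0-9 .,=@:/+*-]{1,128}")
LIKE_COLUMNS = {"subject"}             # hypothetical: columns open to search
EXACT_COLUMNS = {"serial", "subject"}  # hypothetical: columns compared with "="

def like_pattern(term):
    """Map a search term to a LIKE pattern; raise ValueError if not allowed."""
    if not _TERM.fullmatch(term) or not term.strip("* "):
        raise ValueError("search term not allowed: %r" % term)
    return term.replace("*", "%")

def where_clause(column, value, search=False):
    """Return (sql fragment, bound value); only the search path uses LIKE."""
    allowed = LIKE_COLUMNS if search else EXACT_COLUMNS
    if column not in allowed:
        raise ValueError("column not allowed: %r" % column)
    if search:
        return column + " LIKE ?", like_pattern(value)
    return column + " = ?", value      # % and _ are ordinary characters here

def find(db, column, value, search=False):
    """Run the lookup with a bound parameter and return matching serials."""
    clause, bound = where_clause(column, value, search)
    sql = "SELECT serial FROM certificate WHERE " + clause + " ORDER BY serial"
    return [row[0] for row in db.execute(sql, (bound,))]

def demo_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE certificate (serial TEXT, subject TEXT)")
    db.executemany("INSERT INTO certificate VALUES (?, ?)", [
        ("01", "CN=alice,O=Example"),
        ("02", "CN=bob,O=Example"),
        ("03", "CN=a%,O=Example"),
    ])
    return db

if __name__ == "__main__":
    db = demo_db()
    print(find(db, "subject", "CN=a*", search=True))
    print(find(db, "subject", "CN=a%,O=Example"))
```

Refusing `_` also refuses search terms that legitimately contain an underscore; such values can still be looked up through the equality path.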
