Re: pgAdmin 4 commit: Don't quote variable values used by SET. It's usually

2018-02-05 Thread Dave Page
On Mon, Feb 5, 2018 at 2:26 AM, Ashesh Vashi wrote:
> On Mon, Feb 5, 2018 at 1:35 AM, Dave Page wrote:
>
>> Hi
>>
>> On 4 Feb 2018, at 18:07, Ashesh Vashi
>> wrote:
>>
>> Hi Dave,
>>
>> There is a possibility of

Re: pgAdmin 4 commit: Don't quote variable values used by SET. It's usually

2018-02-04 Thread Ashesh Vashi
On Mon, Feb 5, 2018 at 1:35 AM, Dave Page wrote:
> Hi
>
> On 4 Feb 2018, at 18:07, Ashesh Vashi
> wrote:
>
> Hi Dave,
>
> There is a possibility of SQL Injection (if we don't use qtLiteral.
> We need some kind of check for this.
>
> What do you

Re: pgAdmin 4 commit: Don't quote variable values used by SET. It's usually

2018-02-04 Thread Dave Page
Hi

> On 4 Feb 2018, at 18:07, Ashesh Vashi wrote:
>
> Hi Dave,
>
> There is a possibility of SQL Injection (if we don't use qtLiteral.
> We need some kind of check for this.
>
> What do you say?

The user is already logged in, and could run the query tool anyway