Python Forum
SQL Injection attacks on Python code
#11
You still need to use parameterised queries because you're probably going to miss things when trying to implement the sanitisation yourself. The libraries have been written by people who are experienced and are used widely, so will have been tested quite thoroughly. With security, it's better to rely on trusted software rather than doing it yourself.
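The point made in the post above, that a hand-written sanitiser tends to miss a case while a bound parameter never reaches the SQL parser, is easiest to see side by side. The following is an added example written for this page, not code posted by anyone in the thread. It uses Python's standard sqlite3 module with a constructed three-row users table; the function names, the sample rows and the two payloads are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for this example (not from the forum thread).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """Build an in-memory SQLite database with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_by_name_unsafe(conn, name):
    """Vulnerable: the caller's string is spliced straight into the SQL text."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}' ORDER BY id"
    return conn.execute(sql).fetchall()


def lookup_by_id_hand_escaped(conn, user_id):
    """Hand-rolled 'sanitisation' that misses a case.

    Doubling single quotes is a common home-made escape. It is useless here:
    the value is interpolated into a numeric comparison with no quotes around
    it, so a payload such as "1 OR 1=1" contains nothing to escape and is
    parsed as SQL.
    """
    escaped = str(user_id).replace("'", "''")
    sql = f"SELECT name, role FROM users WHERE id = {escaped} ORDER BY id"
    return conn.execute(sql).fetchall()


def lookup_by_name_safe(conn, name):
    """Parameterised: the driver binds the value; it is never parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY id"
    return conn.execute(sql, (name,)).fetchall()


def lookup_by_id_safe(conn, user_id):
    """Parameterised numeric lookup; a text payload simply fails to match."""
    sql = "SELECT name, role FROM users WHERE id = ? ORDER BY id"
    return conn.execute(sql, (user_id,)).fetchall()


def compare(conn):
    """Run each lookup with a benign input and an injection payload.

    Returns the number of rows each variant produced so the difference is
    visible at a glance: the vulnerable variants leak every user, the
    parameterised ones return only what the input literally names.
    """
    quoted_payload = "' OR '1'='1"   # breaks out of a quoted string literal
    numeric_payload = "1 OR 1=1"     # needs no quotes at all
    return {
        "name_unsafe/benign": len(lookup_by_name_unsafe(conn, "alice")),
        "name_unsafe/payload": len(lookup_by_name_unsafe(conn, quoted_payload)),
        "name_safe/benign": len(lookup_by_name_safe(conn, "alice")),
        "name_safe/payload": len(lookup_by_name_safe(conn, quoted_payload)),
        "id_escaped/benign": len(lookup_by_id_hand_escaped(conn, 1)),
        "id_escaped/payload": len(lookup_by_id_hand_escaped(conn, numeric_payload)),
        "id_safe/benign": len(lookup_by_id_safe(conn, 1)),
        "id_safe/payload": len(lookup_by_id_safe(conn, numeric_payload)),
    }


if __name__ == "__main__":
    for key, rows in compare(make_db()).items():
        print(f"{key:22} -> {rows} row(s)")
```

The quote-doubling version is deliberately the kind of escape that looks complete until the same helper is reused in an unquoted numeric context; that is the "you will miss things" failure mode, and it is why the bound-parameter form is preferred regardless of how careful the escaping looks.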
#12
Once again, my thanks.

For now, I think I'm going to go with the stance that, while placeholders are a very good thing to use, they should not be 100% relied upon. One only has to follow the outstanding work that Steve Gibson has done and the Security Now Podcast to know that libraries that have been written by people who are experienced and are used widely are always being compromised, in one way or another. [Note: software libraries in general, not Python libraries specifically]

It's been interesting to get feedback from you all and I will continue to do my own research into this.

My thanks to everyone who has taken the time to respond.
Sig:
>>> import this

The UNIX philosophy: "Do one thing, and do it well."

"The danger of computers becoming like humans is not as great as the danger of humans becoming like computers." :~ Konrad Zuse

"Everything should be made as simple as possible, but not simpler." :~ Albert Einstein