From: tomas@tuxteam.de
To: help-gnu-emacs@gnu.org
Subject: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Date: Mon, 21 Jun 2021 23:15:47 +0200 [thread overview]
Message-ID: <20210621211547.GA12274@tuxteam.de> (raw)
In-Reply-To: <YND4SVCzYHZHqKjp@protected.localdomain>
[-- Attachment #1: Type: text/plain, Size: 1408 bytes --]
On Mon, Jun 21, 2021 at 11:36:25PM +0300, Jean Louis wrote:
> * tomas@tuxteam.de <tomas@tuxteam.de> [2021-06-21 17:12]:
> > But you still see extremely bad habits "out there" which wouldn't be
> > necessary these days -- because, well, they are "out there" (for
> > example: assebling SQL queries with sprintf [1]). They take a life
> > of their own :-)
> >
> > Cheers
> > [1] https://xkcd.com/327/
>
> Your small reference is definitely a possible danger if SQL input is
> anyhow exposed [...]
M< hint was rather a metaphor: using string operations on things that
aren't really strings (in the original case: file system paths) can
lead to surprising results.
> the danger mentioned on the funny comic is practically non-existent as
> it will never take place on my side [...]
But your side is not "the world", and therefore Eli's warning was
spot-on. Someone will browse the mail archives and copy your solution
without knowing the dangers.
> I am heavy user of the Emacs package: emacs-libpq @ Github
> https://github.com/anse1/emacs-libpq
No idea and no bandwidth to read it all. If you are tied to
PostgreSQL (a good choice, I'd say), consider using prepared
queries: they do what client-side template expansion (even the
careful kind, with unescaping and all), and I'd expect them to
do it much better, since PostgreSQL knows its own syntax best.
Cheers
- t
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2021-06-21 21:15 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-21 1:40 Emacs Modular Configuration: the preferable way Hongyi Zhao
2021-06-21 2:56 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 6:40 ` Jean Louis
2021-06-21 16:31 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 19:55 ` Jean Louis
2021-06-22 0:06 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 10:14 ` Arthur Miller
2021-06-21 16:40 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 18:25 ` [External] : " Drew Adams
2021-06-26 0:17 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-26 0:31 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 18:38 ` Arthur Miller
2021-06-22 0:03 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-22 0:17 ` Jean Louis
2021-06-22 7:52 ` Arthur Miller
2021-06-26 6:58 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 11:29 ` Eli Zaretskii
2021-06-21 12:45 ` Philip Kaludercic
2021-06-21 12:55 ` Eli Zaretskii
2021-06-21 13:59 ` [External] : " Drew Adams
2021-06-21 16:51 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 18:08 ` Eli Zaretskii
2021-06-21 18:26 ` FW: " Drew Adams
2021-06-26 0:06 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 14:11 ` tomas
2021-06-21 16:47 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 18:06 ` Eli Zaretskii
2021-06-21 21:09 ` Jean Louis
2021-06-22 11:45 ` Eli Zaretskii
2021-06-22 12:29 ` Jean Louis
2021-06-22 13:07 ` Eli Zaretskii
2021-06-21 20:05 ` Stefan Monnier via Users list for the GNU Emacs text editor
2021-06-22 0:16 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 21:07 ` Jean Louis
2021-06-22 0:33 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-22 0:52 ` Printf and quoting in general, SQL injection in particular Jean Louis
2021-06-26 6:50 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-26 7:30 ` Yuri Khan
2021-06-26 7:57 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-26 9:37 ` tomas
2021-06-28 7:02 ` Jean Louis
2021-07-06 2:12 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-07-06 2:46 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 20:36 ` Emacs Modular Configuration: the preferable way Jean Louis
2021-06-21 21:15 ` tomas [this message]
2021-06-21 21:29 ` Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way] Jean Louis
2021-06-22 0:31 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-22 0:47 ` Jean Louis
2021-06-26 6:31 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-28 6:56 ` Jean Louis
2021-07-06 1:57 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-07-06 20:04 ` Jean Louis
2021-07-06 20:19 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-22 0:23 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-22 12:12 ` Eli Zaretskii
2021-06-22 12:37 ` Jean Louis
2021-06-22 13:10 ` Eli Zaretskii
2021-06-22 15:45 ` Jean Louis
2021-06-22 16:04 ` Eli Zaretskii
2021-06-22 18:01 ` Jean Louis
2021-06-22 18:25 ` Eli Zaretskii
2021-06-26 6:46 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-26 7:15 ` Eli Zaretskii
2021-06-28 7:04 ` Jean Louis
2021-07-06 2:05 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-07-06 20:09 ` Jean Louis
2021-07-06 20:23 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-07-07 0:00 ` Jean Louis
2021-06-28 6:59 ` Jean Louis
2021-07-06 2:02 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-07-06 20:06 ` Jean Louis
2021-07-06 20:20 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-26 6:41 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-26 6:39 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 16:42 ` Emacs Modular Configuration: the preferable way Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-22 12:50 ` Lars Ingebrigtsen
2021-06-26 8:05 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-21 20:02 ` Jean Louis
2021-06-22 0:11 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-06-22 0:19 ` Jean Louis
2021-06-21 6:37 ` Jean Louis
2021-06-21 7:00 ` Hongyi Zhao
2021-06-21 10:06 ` Arthur Miller
2021-06-21 10:26 ` Hongyi Zhao
2021-06-21 11:10 ` Arthur Miller
2021-06-23 2:17 ` Hongyi Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210621211547.GA12274@tuxteam.de \
--to=tomas@tuxteam.de \
--cc=help-gnu-emacs@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.