On Tue, Apr 29, 2008 at 04:33:01PM -0400, Andrew Dunstan wrote: > Moreover, it seems unlikely that it will even cover the field. A partial > cloak might indeed be worse than none, in that it will give some developers > an illusion of having security.
I think this is a really important point, and one that isn't getting enough attention in this discussion. Half a security measure is almost always worse than none at all, exactly because people stop thinking they have to worry about that area of security at all. I think without a convincing argument that the proposal will even come close to covering most SQL injection cases, it's a bad idea. A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers