Steve Holden <[EMAIL PROTECTED]> wrote:
> Your statement then becomes
>
> select * from foo where bar=1; drop table foo
>
> which is clearly not such a good idea.
I'm sure Steve is very well aware of this and was just providing a simple and obvious example. Nevertheless, it might be worth pointing out that anybody who connects their web application to their database as a user that has DROP TABLE privileges would clearly be in need of a lot more help on basic security concepts than just advice on choosing a programming language.

This goes back to the point somebody made earlier on in the thread: many web applications can be implemented as fairly simple wrappers around properly designed databases. "Properly designed" includes giving some thought to table ownership and privileges.

-- 
http://mail.python.org/mailman/listinfo/python-list
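The two points raised in this exchange, the injectable string-built query and the application account that holds more privilege than it needs, as an added example that is not part of the original thread or anyone's posted code. It uses Python's standard sqlite3 module on an in-memory database with a constructed `foo` table. SQLite has no user accounts or GRANT statements, so the least-privilege account is emulated with a `set_authorizer` callback that refuses DDL; on a server database the equivalent is a dedicated role granted only SELECT/INSERT/UPDATE on the tables the application uses.

```python
import sqlite3

# Constructed sample data, named after the table and column in the thread.
SAMPLE_ROWS = [(1, "alpha"), (2, "bravo"), (3, "charlie")]


def make_db():
    """Create an in-memory database holding the sample table foo(bar, name)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (bar INTEGER, name TEXT)")
    conn.executemany("INSERT INTO foo VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, bar):
    """The pattern under discussion: the value is pasted into the SQL text.

    Whatever the caller passes becomes part of the statement, so a value such as
    "1 OR 1=1" rewrites the WHERE clause and returns every row.
    """
    sql = "select * from foo where bar=%s" % bar
    return conn.execute(sql).fetchall()


def safe_lookup(conn, bar):
    """Parameterized form: the driver passes the value separately from the SQL,
    so it is only ever compared against the column and never parsed as SQL."""
    return conn.execute("select * from foo where bar=?", (bar,)).fetchall()


# Actions a read/write web application has no business performing on its own.
# (Stand-in for not granting DDL rights to the application's database role.)
_DENIED_ACTIONS = {
    sqlite3.SQLITE_DROP_TABLE,
    sqlite3.SQLITE_DROP_INDEX,
    sqlite3.SQLITE_DROP_VIEW,
    sqlite3.SQLITE_DROP_TRIGGER,
    sqlite3.SQLITE_CREATE_TABLE,
    sqlite3.SQLITE_ALTER_TABLE,
}


def restrict_privileges(conn):
    """Emulate a least-privilege database account on this connection.

    sqlite3 calls the authorizer while compiling each statement; returning
    SQLITE_DENY makes the statement fail before it runs. Reads and row-level
    writes are still allowed, schema changes are not.
    """
    def authorizer(action, arg1, arg2, dbname, source):
        if action in _DENIED_ACTIONS:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


def attempt_drop(conn):
    """Try the DROP TABLE from the thread. Returns True if the table was
    dropped, False if the connection was not allowed to do it."""
    try:
        conn.execute("DROP TABLE foo")
    except sqlite3.DatabaseError:
        return False
    return True


def table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='foo'"
    ).fetchone()
    return row[0] == 1


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", vulnerable_lookup(db, "1 OR 1=1"))   # all three rows
    print("parameterized:", safe_lookup(db, "1 OR 1=1"))      # no rows
    print("unrestricted drop succeeded:", attempt_drop(make_db()))
    restricted = make_db()
    restrict_privileges(restricted)
    print("restricted drop succeeded:", attempt_drop(restricted))
    print("table still there:", table_exists(restricted))
```

One caveat for anyone reproducing the exact `; drop table foo` form from the quoted message with this module: sqlite3's `execute()` refuses a string containing more than one statement, so the stacked-statement variant raises an error rather than running; other drivers, and sqlite3's own `executescript()`, do run it. That is why the injection shown here uses the `OR 1=1` form, which any driver will happily execute when the query is built by string formatting. The authorizer only limits what this one connection may do; it is no substitute for parameterized queries, which is why both fixes are applied.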