[sqlalchemy] Re: sqlalchemy and security

Michael Bayer wrote:
> pretty much. we use bind parameters for everything literal. also we don't spit out the DB passwords in error messages. not sure if you turn on connection pool logging if some of the DBAPIs put the passwords in the __repr__ for their connection objects, that's something that could be tested.

psycopg2 shows the password in the __repr__, but the problem should be fixed now.

http://initd.org/tracker/psycopg/ticket/147

Regards
Manlio Perillo

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups sqlalchemy group.
To post to this group, send email to sqlalchemy@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en
-~--~~~~--~~--~--~---
[sqlalchemy] Re: sqlalchemy and security

Hi,

An ORM does not have many security responsibilities - most of these are either in the application on top, or the underlying database. You rightly point out that sqlalchemy does effectively prevent SQL injection - by using bind parameters internally.

Paul

On 2/15/07, dischdennis [EMAIL PROTECTED] wrote:
> Hi there,
>
> I am currently writing my thesis and using sqlalchemy as mapper. I did not find anything security related in the docu. Can you maybe give me some examples of how SQLAlchemy supports security? For example, I think it prevents SQL injection.
>
> Dennis
[sqlalchemy] Re: sqlalchemy and security

pretty much. we use bind parameters for everything literal. also we don't spit out the DB passwords in error messages. not sure if you turn on connection pool logging if some of the DBAPIs put the passwords in the __repr__ for their connection objects, that's something that could be tested.

On Feb 15, 10:03 am, Paul Johnston [EMAIL PROTECTED] wrote:
> Hi,
>
> An ORM does not have many security responsibilities - most of these are either in the application on top, or the underlying database. You rightly point out that sqlalchemy does effectively prevent SQL injection - by using bind parameters internally.
>
> Paul
>
> On 2/15/07, dischdennis [EMAIL PROTECTED] wrote:
> > Hi there,
> >
> > I am currently writing my thesis and using sqlalchemy as mapper. I did not find anything security related in the docu. Can you maybe give me some examples of how SQLAlchemy supports security? For example, I think it prevents SQL injection.
> >
> > Dennis
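
The check raised in this thread (does a connection object's `__repr__` expose the password once pool logging is on?) can be written as a small test with a log filter as mitigation. This is an added example, not code from the thread, SQLAlchemy or psycopg2: `LeakyConnection`, the logger names and the sample DSN are constructed stand-ins, and the redaction patterns assume libpq-style `password=...` and URL-style `user:password@host` strings.

```python
import io
import logging
import re

# Constructed sample DSN; not a real credential.
SAMPLE_DSN = "dbname=app user=web password=s3cr3t host=db"

# password=... in key=value DSNs, and user:password@ in URL-style DSNs.
_DSN_KV = re.compile(r"(password\s*=\s*)('(?:[^'\\]|\\.)*'|\S+)", re.IGNORECASE)
_DSN_URL = re.compile(r"(://[^:/@\s]+:)([^@\s]+)(@)")

def redact(text):
    """Mask password values in key=value and URL-style connection strings."""
    text = _DSN_KV.sub(r"\1***", text)
    return _DSN_URL.sub(r"\1***\3", text)

class RedactingFilter(logging.Filter):
    """Interpolate the record first, then replace it with the redacted text."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None  # arguments were already interpolated above
        return True

class LeakyConnection:
    """Hypothetical stand-in for a DBAPI connection whose repr includes its DSN."""
    def __init__(self, dsn):
        self.dsn = dsn
    def __repr__(self):
        return "<connection object; dsn: %r>" % self.dsn

def repr_leaks(obj, secret):
    """True if repr() or str() of the object exposes the secret."""
    return secret in repr(obj) or secret in str(obj)

def pool_log_output(conn, use_filter):
    """Emit a pool-style debug message and return what reached the handler."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if use_filter:
        handler.addFilter(RedactingFilter())
    logger = logging.getLogger("example.pool.%s" % use_filter)  # hypothetical name
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.addHandler(handler)
    logger.debug("Connection %r checked out from pool", conn)
    logger.removeHandler(handler)
    return stream.getvalue()
```

Running `repr_leaks` against a real connection from each DBAPI driver in use, with the real password as `secret`, turns the open question in the thread into a regression test.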