On Fri, 12 April 2002, "Hatzenbeler, Tim" wrote

> I didn't want to scan through a possible 32k sql string looking for
> libraries I didn't want to allow, so I figured switching the authority would
> be better and faster.... And more secure...

And scanning SQL statements requires _parsing_ the SQL. Embedded comments, quoted literals, sub-selects... any of these could contain character strings that matched a restricted library or object name. The pitfalls are many and performance can drop significantly. This is an area that requires great care.

Tom Liotta

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone 253-872-7788
Fax 253-872-7904
http://www.400Security.com
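Added example, not part of the original message: a raw substring scan for a restricted library name compared with a scan that first skips comments and quoted literals and then matches whole identifiers only. The library names `PAYROLL` and `SALES`, the sample statements and the simplified identifier rule are assumptions made for the illustration.

```python
import re

RESTRICTED = {"PAYROLL"}  # hypothetical restricted library name

def naive_scan(sql):
    """Substring match over the raw statement text."""
    upper = sql.upper()
    return {lib for lib in RESTRICTED if lib in upper}

# Alternatives are tried left to right at each position, so comments and
# quoted literals are consumed whole before the identifier branch sees them.
TOKEN = re.compile(
    r"(?P<skip>--[^\n]*|/\*.*?\*/|'(?:[^']|'')*')"   # comments, string literals
    r'|(?P<delim>"(?:[^"]|"")*")'                     # delimited identifiers
    r"|(?P<word>[A-Za-z_][A-Za-z0-9_]*)",             # simplified identifier rule
    re.S,
)

def token_scan(sql):
    """Match restricted names against whole identifier tokens only."""
    hits = set()
    for m in TOKEN.finditer(sql):
        if m.lastgroup == "word":
            name = m.group("word").upper()
        elif m.lastgroup == "delim":
            # Upper-casing a delimited name is a deliberately conservative choice.
            name = m.group("delim")[1:-1].replace('""', '"').upper()
        else:
            continue  # comment or literal: its contents are not object names
        if name in RESTRICTED:
            hits.add(name)
    return hits

# Constructed sample statements.
SAMPLES = {
    "literal_and_comments": "SELECT /* was PAYROLL */ * FROM SALES.ORDERS "
                            "WHERE NOTE = 'moved from PAYROLL.EMP' -- not PAYROLL",
    "sub_select": "SELECT NAME FROM SALES.STAFF WHERE ID IN "
                  "(SELECT ID FROM PAYROLL.EMP)",
    "longer_name": "SELECT * FROM SALES.PAYROLL_SUMMARY",
}

if __name__ == "__main__":
    for label, sql in SAMPLES.items():
        print(label, "naive:", sorted(naive_scan(sql)),
              "token:", sorted(token_scan(sql)))
```

This is still a tokenizer, not a parser, so it says nothing about which object a name finally resolves to.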
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.