Re: Reduce large amount of logicals in SUBFL pgm, take in another direction -- RPG400-L

Subject: Re: Reduce large amount of logicals in SUBFL pgm, take in another direction
From: Charles Wilt <charles.wilt@xxxxxxxxx>
Date: Mon, 1 Aug 2011 15:22:04 -0400
List-archive: <http://archive.midrange.com/rpg400-l>
List-help: <mailto:rpg400-l-request@midrange.com?subject=help>
List-id: RPG programming on the IBM i / System i <rpg400-l.midrange.com>
List-post: <mailto:rpg400-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=unsubscribe>

Good point Paul...

so lets add indirect user input to my other reply...

"If the SQL statement doesn't get built using any form of
concatenation of direct or indirect user
input. It is not vulnerable to SQL injection."

Charles

On Mon, Aug 1, 2011 at 3:04 PM, Morgan, Paul <Paul.Morgan@xxxxxxxxxxx> wrote:

Michael,

If the SQL is concatenated from data in a file or data area and someone can modify that data indirectly then you are still vulnerable to SQL injection.

Paul Morgan

Principal Programmer Analyst
IT Supply Chain/Replenishment

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.