httpd-docs mailing list archives

From Vincent Deffontaines <vinc...@gryzor.com>
Subject Re: Documentation for mod_authn_dbd from a security point of view
Date Sun, 06 Jan 2013 17:57:16 GMT
On Wed, 2 Jan 2013 14:37:37 +0000,
Nick Kew <niq@apache.org> wrote:

> From my point of view, the chief reason for wanting this
> on-list is that changes have happened in the DBD stuff that
> might invalidate something I say.  Above all, the coming
> of drivers for backends I've never touched.
> 
> More eyes make for better docs.
> 

I have added a "security" note into the trunk doc of both
mod_authn_dbd and mod_authz_dbd.
Will commit it similarly into 2.4 in one week; please send corrections
if it's incomplete or inexact.

I added:
================= BEGIN PASTE =============
<section id="security">
<title>Preventing SQL injections</title>
  <p>Whether you need to care about SQL security depends on what DBD
driver and backend you use.  With most drivers you don't have to do
anything :
  the statement is prepared by the database at startup, and user input
is used only as data.  But you may need to untaint your input.  At the
time of writing, the only driver that requires you to take care is
FreeTDS.</p>
  <p>Please read <module>mod_dbd</module> documentation for more
information about security on this scope.</p>
</section>
================= END PASTE =============

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
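
The distinction the pasted note draws (input bound as data by a prepared statement versus input that must be untainted first), as an added example that is not part of the original message or of httpd's code. It assumes Python's sqlite3 as a stand-in backend; the table, the query text, the function names and the allowlist pattern are all constructed for illustration.

```python
import re
import sqlite3

# Assumed query shape for a password lookup; %s marks the user-supplied value.
QUERY = "SELECT password FROM authn WHERE user = %s"

def make_db():
    """Build a constructed in-memory credential table with one account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE authn (user TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO authn VALUES ('alice', '{SHA}constructed-hash')")
    return db

def lookup_prepared(db, user):
    """Backend with real prepared statements: input is bound as data only."""
    return db.execute(QUERY.replace("%s", "?"), (user,)).fetchall()

def lookup_merged(db, user):
    """Backend that emulates preparation by merging input into the SQL text."""
    return db.execute(QUERY.replace("%s", "'" + user + "'")).fetchall()

# Assumed allowlist for account names; adjust to the site's naming rules.
SAFE_USER = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def untaint(user):
    """Return the input only if the whole string matches the allowlist."""
    return user if SAFE_USER.fullmatch(user) else None

def lookup_merged_untainted(db, user):
    """Merging backend made safe: reject before any SQL text is built."""
    clean = untaint(user)
    return [] if clean is None else lookup_merged(db, clean)

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed test input with a quote
    for fn in (lookup_prepared, lookup_merged, lookup_merged_untainted):
        # Columns: function, result for a valid name, result for hostile input
        print(fn.__name__, fn(db, "alice"), fn(db, hostile))
```

Only `lookup_merged` returns a row for the hostile name; the bound and the untainted lookups return nothing for it while still resolving `alice`.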

