Re: security hole in interactive sql call statement? -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Subject: Re: security hole in interactive sql call statement?
From: Tom Jedrzejewicz <tomjedrz@xxxxxxxxx>
Date: Tue, 16 Nov 2004 09:40:19 -0800
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=tH98J20S6rah6luxA5A/kRFq34gv9mw5g2zhZZVk+M9tsbyWCMB78L1kGd2beKyKlqeALvkZs7E3UQH+pXFj+WzBdWtiinkSFcBE7HRwK63k9jLPBE/YkL1QeHQ8lNU+ntJWYBbnK3zbhVHKKaeUXwboOkH9IewqxU2Z9zxqPf0=
List-archive: <http://archive.midrange.com/midrange-l>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

On Tue, 16 Nov 2004 10:49:57 -0600, Lim Hock-Chai
<lim.hock-chai@xxxxxxxx> wrote:
> we have.  We might end up go with this route.  Most programmer (me) doesn't 
> really 
> like STRQM (asking all kind of questions before it exec the sql statement).

That said - you could restrict STRSQL and force them to use the SQL
execution through iSeries Access.  I don't think the same security
holw exists.

-- 
Tom Jedrzejewicz
tomjedrz@xxxxxxxxx

As an Amazon Associate we earn from qualifying purchases.

Follow-Ups:

Re: security hole in interactive sql call statement? , Tom Jedrzejewicz

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.