Hello! I'm not sure I see the security benefits of this. If you know a static list of authorized scripts, you can just hardcode them in the SQL code, can't you?
-
Assuming the commands to "exec" and SQL scripts to "run_sql" are not dynamically generated, SQLPage might maintain a table of hashes of pre-authorized commands and a table of hashes of approved SQL scripts. Then both functions may be extended to take an optional second parameter instructing the server to validate the hash before execution and throw an error for invalid hashes.
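The hash check proposed in the thread, sketched as an added example that is not part of the discussion and does not use SQLPage's API. The table names, function names and sample command are hypothetical, and treating the optional second parameter as the expected SHA-256 digest is an assumption about the proposal.

```python
import hashlib
import sqlite3

def command_digest(program, args):
    """SHA-256 over a length-prefixed encoding, so ["a b"] and ["a", "b"] differ."""
    h = hashlib.sha256()
    for part in [program, *args]:
        raw = part.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()

def script_digest(sql_text):
    """SHA-256 of the exact script bytes; any edit to the script changes it."""
    return hashlib.sha256(sql_text.encode("utf-8")).hexdigest()

def require_authorized(conn, table, digest, expected=None):
    """Raise PermissionError unless digest is pre-authorized (and equals expected)."""
    if table not in ("authorized_commands", "authorized_scripts"):
        raise ValueError("unknown allowlist table")
    if expected is not None and digest != expected.lower():
        raise PermissionError("digest does not match the hash supplied by the caller")
    row = conn.execute(f"SELECT 1 FROM {table} WHERE sha256 = ?", (digest,)).fetchone()
    if row is None:
        raise PermissionError(f"digest {digest[:12]}... is not in {table}")

def checked_exec(conn, program, args, expected=None):
    """Return the argv to spawn, only after the allowlist check passes."""
    digest = command_digest(program, args)
    require_authorized(conn, "authorized_commands", digest, expected)
    return [program, *args]  # the caller would hand this to the process spawner

def checked_run_sql(conn, sql_text, expected=None):
    """Return the script text to run, only after the allowlist check passes."""
    require_authorized(conn, "authorized_scripts", script_digest(sql_text), expected)
    return sql_text

def build_demo_db():
    """Constructed sample data: one approved command and one approved script."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE authorized_commands (sha256 TEXT PRIMARY KEY)")
    conn.execute("CREATE TABLE authorized_scripts (sha256 TEXT PRIMARY KEY)")
    conn.execute("INSERT INTO authorized_commands VALUES (?)",
                 (command_digest("/usr/bin/uptime", ["-p"]),))
    conn.execute("INSERT INTO authorized_scripts VALUES (?)",
                 (script_digest("SELECT 'ok' AS status;"),))
    return conn
```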