[PATCH 2/2] Added SQLite history plugin

Dario djdas at djdas.net
Tue Apr 6 03:55:39 PDT 2010


Bastian, Waldo wrote:
> The message handling in this patch seems to be vulnerable to SQL injection attacks. See http://en.wikipedia.org/wiki/SQL_injection
>
> Cheers,
> Waldo

Hi Waldo,
I didn't think of a message carrying an SQL injection :)
Honestly, I would have used prepared statements from the start of the job,
but I couldn't work out how to do them in SQLite. I agree with you that
they're more secure and the code is cleaner, so I converted the source to
them after studying their use.
Thank you for your suggestion.
Best Regards,
Dario.
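
The change discussed in this thread, as an added example that is not part of the original post or of the patch: message text stored through string concatenation versus through a prepared statement with bound parameters. It uses Python's sqlite3 module as a stand-in for the SQLite C API (where the equivalent calls are sqlite3_prepare_v2 and sqlite3_bind_text); the table, column and function names and the sample messages are assumptions.

```python
import sqlite3

# Hypothetical schema: the plugin's real table and column names are not on this page.
SCHEMA = "CREATE TABLE sms_history (sender TEXT, body TEXT)"

# Constructed sample message bodies.
ORDINARY = "it's late, call me tomorrow"
CRAFTED = "hi'), ('+15550199', 'forged entry"


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def store_concat(db, sender, body):
    """'Before' form: message text is pasted into the SQL string itself."""
    sql = ("INSERT INTO sms_history (sender, body) "
           "VALUES ('%s', '%s')" % (sender, body))
    db.execute(sql)
    db.commit()


def store_bound(db, sender, body):
    """Prepared-statement form: fixed SQL text, values bound as parameters."""
    db.execute("INSERT INTO sms_history (sender, body) VALUES (?, ?)",
               (sender, body))
    db.commit()


def rows(db):
    return db.execute("SELECT sender, body FROM sms_history").fetchall()


def compare(body, sender="+15550100"):
    """Store one message both ways; return the rows each variant produced."""
    results = {}
    for name, store in (("concat", store_concat), ("bound", store_bound)):
        db = new_db()
        try:
            store(db, sender, body)
            results[name] = rows(db)
        except sqlite3.Error as exc:
            results[name] = "error: %s" % type(exc).__name__
        db.close()
    return results


if __name__ == "__main__":
    for body in (ORDINARY, CRAFTED):
        print(repr(body), "->", compare(body))
```

With concatenation, an ordinary apostrophe makes the insert fail and the crafted body adds a second row under a different sender; with bound parameters both bodies are stored verbatim as a single row.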


