[PATCH 2/2] Added SQLite history plugin
Bastian, Waldo
waldo.bastian at intel.com
Tue Apr 6 09:12:18 PDT 2010
> Bastian, Waldo wrote:
> > The message handling in this patch seems to be vulnerable to SQL
> > injection attacks. See http://en.wikipedia.org/wiki/SQL_injection
> >
> > Cheers,
> > Waldo
>
> Hi Waldo,
> I didn't think of a message carrying an SQL injection :)
> Honestly, I would have used prepared statements from the start of the
> job, but I didn't work out how to do them in SQLite. I agree with you
> that they're more secure and the code is cleaner, so I converted the
> source to them after studying their use.
Thanks, much better :-)
Cheers,
Waldo
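
Added example, not part of the original thread or of the patch: the difference between pasting message text into an INSERT and binding it through a prepared statement, shown with Python's sqlite3 module rather than the SQLite C API. The `history` table, the function names and the sample messages are constructed for illustration.

```python
import sqlite3

# Hypothetical schema for a message history table (assumption, not the patch's).
SCHEMA = "CREATE TABLE history (sender TEXT, body TEXT)"

def store_unsafe(db, sender, body):
    # The message text becomes part of the statement, so SQLite parses it as SQL.
    db.execute("INSERT INTO history (body, sender) VALUES ('%s', '%s')"
               % (body, sender))

def store_prepared(db, sender, body):
    # The statement is compiled with placeholders; values are bound as data only.
    db.execute("INSERT INTO history (body, sender) VALUES (?, ?)",
               (body, sender))

def rows_after(store, sender, body):
    """Store one message in a fresh in-memory database and return the table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    try:
        store(db, sender, body)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    return db.execute(
        "SELECT sender, body FROM history ORDER BY rowid").fetchall()

# Constructed sample input.
SENDER = "+15550100"
APOSTROPHE = "I'm running late"                     # ordinary text with a quote
QUOTE_BREAKOUT = "hi', 'someone-else'), ('second row"  # closes the string literal

if __name__ == "__main__":
    for body in (APOSTROPHE, QUOTE_BREAKOUT):
        print("message :", repr(body))
        print("  string-built:", rows_after(store_unsafe, SENDER, body))
        print("  prepared    :", rows_after(store_prepared, SENDER, body))
```

With the string-built statement an ordinary apostrophe already fails to store, and text that closes the literal changes the sender column and the row count; the prepared statement stores both messages verbatim.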
More information about the ofono mailing list