Sql injection

From:
Italo Maia
Date:
2010-09-01 @ 23:58
How to deal with SQL injection in Flask? Is there any doc about it?

-- 
"Arrogance is the weapon of the weak."

===========================
Italo Moreira Campelo Maia
Graduate in Computer Science - UECE
Web and Desktop Developer (Java, Python, Lua)
Coordinator of Pug-CE
-----------------------------------------------------
http://www.italomaia.com/
http://twitter.com/italomaia/
http://eusouolobomau.blogspot.com/
-----------------------------------------------------
turtle linux 910 - http://tiny.cc/blogturtle910
===========================

Re: [flask] Sql injection

From:
Francisco Souza
Date:
2010-09-02 @ 00:01
> 2010/9/1 Italo Maia <italo.maia@gmail.com>
> How to deal with SQL injection in Flask? Is there any doc about it?

Hi Italo,
Flask is not a persistence framework, so Flask doesn't have to deal with SQL
injection :)

Cheers
Francisco Souza
Software developer at Giran and also full time
Open source evangelist at full time

English: http://www.franciscosouza.net
Portuguese: http://www.franciscosouza.com.br
Twitter: @franciscosouza
+55 27 3026 0264


Re: [flask] Sql injection

From:
Italo Maia
Date:
2010-09-02 @ 00:12
What I mean is, does Flask offer something to escape data for queries?
flask.escape doesn't do the trick, right? Something about SQL injection
could be mentioned in the docs when talking about databases (like SA).


Re: [flask] Sql injection

From:
Armin Ronacher
Date:
2010-09-02 @ 00:48
Hi,

On 2010-09-02 2:12 AM, Italo Maia wrote:
> What I mean is, does Flask offer something to escape data for queries?
> flask.escape doesn't do the trick, right? Something about SQL injection
> could be mentioned in the docs when talking about databases (like SA).
The Python database layers already provide built-in protection against 
SQL injection.  Check the SQLite Flask example for more information:

http://flask.pocoo.org/docs/patterns/sqlite3/


Regards,
Armin
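Worked example of the point Armin makes, added here as an illustration; it is not code from this thread or from the Flask documentation. The `query_db` helper is written in the spirit of the helper in the linked Flask sqlite3 pattern (its exact signature is assumed), and it is used once with DB-API `?` placeholders and once with the value string-formatted into the SQL text. The table, rows and probe inputs are all constructed for the demo.

```python
import sqlite3

# Constructed sample table for the demo (not data from the thread).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("o'brien", "obrien@example.com"),
    ("bob", "bob@example.com"),
]


def make_db():
    """Create an in-memory SQLite database seeded with the sample rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE users (name TEXT NOT NULL, email TEXT NOT NULL)")
    db.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SAMPLE_USERS)
    db.commit()
    return db


def query_db(db, query, args=(), one=False):
    """Run a query with DB-API parameter binding, in the spirit of the
    query_db helper from the Flask sqlite3 pattern (signature assumed)."""
    cur = db.execute(query, args)
    rows = [dict(r) for r in cur.fetchall()]
    cur.close()
    if one:
        return rows[0] if rows else None
    return rows


def find_by_name_unsafe(db, name):
    """VULNERABLE: the value is spliced into the SQL text, so quote
    characters inside it change the statement. Kept only for contrast."""
    return query_db(db, "SELECT name, email FROM users WHERE name = '%s'" % name)


def find_by_name_safe(db, name):
    """Correct form: a '?' placeholder with the value passed separately.
    The driver never parses the value as SQL, so quotes are just characters."""
    return query_db(db, "SELECT name, email FROM users WHERE name = ?", (name,))


def names(rows):
    """Sorted list of the 'name' column, for stable comparison."""
    return sorted(r["name"] for r in rows)


def demo():
    """Compare both forms on an ordinary value, a value containing an
    apostrophe, and a constructed tautology probe."""
    db = make_db()
    out = {}
    out["safe_plain"] = names(find_by_name_safe(db, "alice"))
    out["safe_apostrophe"] = names(find_by_name_safe(db, "o'brien"))
    try:
        find_by_name_unsafe(db, "o'brien")
        out["unsafe_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # A perfectly legitimate apostrophe already breaks the spliced query.
        out["unsafe_apostrophe"] = "syntax error"
    probe = "' OR '1'='1"  # constructed probe input
    out["unsafe_probe"] = names(find_by_name_unsafe(db, probe))  # every row
    out["safe_probe"] = names(find_by_name_safe(db, probe))      # no rows
    db.close()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parameterised version returns exactly the row whose name matches, even for `o'brien`, because the value is handed to SQLite separately from the statement text. That is also why `flask.escape` is the wrong tool for the question above: it performs HTML escaping for templates and has nothing to do with how a database driver parses a statement.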