Eliazz

Reputation: 1

Deny SQL queries in string argument for a clish command

If possible, I would like to have clish rewrite any arguments that are not safe to inject into an SQL query, similar to what, for example, mysql_real_escape_string does in PHP.

From clish we are calling bash scripts that sometimes inject the arguments into SQL queries. Of course we should check/rewrite the argument in the bash scripts, but making clish rewrite the query would be extra security in case that is missed/forgotten.

Upvotes: 0

Views: 35

Answers (1)

Eliazz

Reputation: 1

I have made a wrapper that executes all clish commands. It will look like this in the command xml syntax:

   <ACTION>execWrap aCommandToExecute ${someArgument}</ACTION>

execWrap will execute "aCommandToExecute" with all following arguments passed to it after verifying that the arguments are safe.

However, I will not mark the question as solved, as it would be preferred to do this inside clish.

Upvotes: 0
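
One way a wrapper like the execWrap described in the answer could verify its arguments, as an added example (not the poster's actual wrapper): a character allowlist with a length limit, applied to every argument before the command runs. The function names, the allowed character set and the 64-character limit are assumptions to adapt to what the commands really need.

```shell
#!/bin/sh
# Added example: hypothetical execWrap implementation, not the poster's code.
# Usage in an ACTION: execWrap aCommandToExecute ${someArgument}

# Fixed locale so the ranges in the allowlist below mean plain ASCII.
LC_ALL=C; export LC_ALL

MAX_ARG_LEN=64   # assumed upper bound for any single argument

# Return 0 if the argument is acceptable, 1 otherwise.
arg_is_safe() {
    # Reject empty and over-long values.
    [ -n "$1" ] || return 1
    [ "${#1}" -le "$MAX_ARG_LEN" ] || return 1
    # Reject a leading dash so the value cannot be read as an option.
    case "$1" in
        -*) return 1 ;;
    esac
    # Allowlist: any character outside this set fails the check.
    # Quotes, spaces, semicolons, backslashes and '#' are all excluded,
    # so the value cannot close a string literal or start a comment in SQL.
    case "$1" in
        *[!A-Za-z0-9_.@:/-]*) return 1 ;;
    esac
    return 0
}

# Validate every argument, then run the command with the original arguments.
exec_wrap() {
    [ "$#" -ge 1 ] || { echo "usage: execWrap command [args...]" >&2; return 2; }
    cmd=$1
    shift
    for arg in "$@"; do
        if ! arg_is_safe "$arg"; then
            # Do not echo the rejected value back; just refuse to run.
            echo "execWrap: rejected unsafe argument for $cmd" >&2
            return 1
        fi
    done
    "$cmd" "$@"
}

# Run only when installed and invoked under the name execWrap.
case "$0" in
    execWrap|*/execWrap) exec_wrap "$@" ;;
esac
```

This rejects rather than rewrites, so it acts as a second layer only; the scripts that build the queries still need their own validation or quoting.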
