client9 / libinjection

SQL / SQLI tokenizer parser analyzer

Add maximum SQL query length check #31

Closed client9 closed 11 years ago

client9 commented 11 years ago

In a simple implementation, libinjection could be used on all HTML FORM POSTs, which might include very long binary data.

To prevent long scanning and parsing times, we should either

Unfortunately, MySQL allows a 1G SQL statement! http://dev.mysql.com/doc/refman/5.0/en/packet-too-large.html

Looks like the default is 32MB.

client9 commented 11 years ago

Can be done on the client side... closing
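
A caller-side length cap of the kind the closing comment points to, as an added example that is not libinjection code or part of the original thread. The names `scan_capped` and `toy_detector`, the two over-length policies and the 256-byte cap are assumptions; `toy_detector` is a stand-in for the real detector, not libinjection.

```c
#include <stdio.h>
#include <string.h>

enum scan_result { SCAN_CLEAN, SCAN_SQLI, SCAN_TOO_LONG };
enum long_policy { LONG_REPORT, LONG_SCAN_PREFIX };  /* assumed policies */

/* Detector callback; libinjection's entry point could be wrapped behind it. */
typedef int (*detector_fn)(const char *s, size_t len);

static size_t last_scanned_len;  /* bytes the detector last saw (for the demo) */

/* Stand-in detector, NOT libinjection: flags any input containing "' OR ". */
static int toy_detector(const char *s, size_t len)
{
    static const char needle[] = "' OR ";
    size_t n = sizeof needle - 1;
    last_scanned_len = len;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(s + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Caller-side cap: the detector never receives more than max_len bytes, and
 * an over-length input never comes back as SCAN_CLEAN. */
static enum scan_result scan_capped(const char *s, size_t len, size_t max_len,
                                    enum long_policy policy, detector_fn detect)
{
    if (len <= max_len)
        return detect(s, len) ? SCAN_SQLI : SCAN_CLEAN;
    if (policy == LONG_SCAN_PREFIX && detect(s, max_len))
        return SCAN_SQLI;          /* hit inside the bounded prefix */
    return SCAN_TOO_LONG;          /* verdict is partial: caller decides */
}

int main(void)
{
    char form[4096];               /* constructed sample: long form value */
    memset(form, 'A', sizeof form);
    enum scan_result r = scan_capped(form, sizeof form, 256,
                                     LONG_SCAN_PREFIX, toy_detector);
    printf("result=%d scanned=%zu of %zu bytes\n",
           (int)r, last_scanned_len, sizeof form);
    return 0;
}
```

Returning `SCAN_TOO_LONG` instead of `SCAN_CLEAN` for capped input keeps the partial verdict visible, so the caller can reject or log the request rather than treat unscanned bytes as safe.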