codegooglecom / cjklib

Automatically exported from code.google.com/p/cjklib

No masking of input in database abstraction #2

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The database abstraction in module dbconnector doesn't mask user input and
thus allows code injection.

Original issue reported on code.google.com by christop...@gmail.com on 10 Nov 2008 at 3:58

GoogleCodeExporter commented 8 years ago
With the move to SQLAlchemy, all input is now quoted.

Original comment by christop...@gmail.com on 12 May 2009 at 10:25