[erlang-questions] Of regexes and REs, and other irritating things...

PAILLEAU Eric <>
Tue Aug 12 22:13:35 CEST 2014


Hi,

https://github.com/epgsql/epgsql is well known.
I know that Zotonic Erlang CMS uses it, for instance.

(sorry a bit off topic for this list)

Yes, PostgreSQL native clustering was a long childbirth, while MySQL had
it a long time before. 9.x releases allow this.
The development process at Postgres is always a bit long, but like Debian,
stability is the key word.

You can have a look at:
  http://www.repmgr.org/
  https://wiki.postgresql.org/wiki/Replication,_Clustering,_and_Connection_Pooling

I can't give you any My/Post clustering comparisons; it has been a long
time since I used MySQL. But maybe others can.


On 12/08/2014 20:22, Mike Oxford wrote:
> Thanks everyone.  It's a small temporary app on a closed network with
> trusted clients.  If you notice I'm not even fully protecting against
> SQL injection; no octals or whatnot are checked ... it's literally just
> for a few characters which people may type in (like O'Grady).
>
> Didn't know the internals of the MySQL protocol - I've just been using
> emysql and it seems to work fairly well.  I've not done much postgres,
> but while it's always had a good reputation it never seemed to be quite
> as  .... dynamic ... as the MySQL development process.  I've been using
> MySQL, well, forever but I'm open to exploring postgres again after this
> project
>
> Which postgres clients (erlang) are considered solid and what's the
> consensus on their clustering compared to Galera/Percona?
>
> Thanks!
>
> On Mon, Aug 11, 2014 at 7:05 AM, PAILLEAU Eric wrote:
>
>     I agree.
>
>     Note, what I like in PostgreSQL, in contrast to MySQL, is the dollar
>     quoting.
>
>     In addition to the usual SQL injection protections on data input,
>     you can also use dynamic dollar quoting, to make SQL injection
>     attempts more complex:
>
>     UPDATE users set password=$4896$new password hash$4896$ WHERE id=12345 ;
>
>     4896 is for instance the PID of the forked Apache process, or
>     anything else with more entropy.
>
>     The attacker can't guess this ID and injection is much much more
>     complex...
>
>
>     On 11/08/2014 09:51, Loïc Hoguin wrote:
>
>         On 08/11/2014 06:02 AM, Mike Oxford wrote:
>
>             I need to do some input sanitizing for use against MySQL.
>
>
>         Are you saying you are going to take this data and put it inside
>         a query string? This isn't going to protect anything, escaping
>         doesn't prevent SQL injection. Why not use a prepared statement
>         instead? This makes the data separate from the query, you don't
>         need to do any escaping and MySQL takes care of everything for
>         you. Also make sure you are using the *binary* protocol, not the
>         *text* one, and you're pretty much set.
>
>
>
>
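
Added example, not part of the original thread and not code from epgsql or from any of the posters: the two approaches discussed above side by side, a parameterized query and a dollar-quoted literal whose tag comes from the CSPRNG instead of a PID. The module and function names are hypothetical; `update_password/3` assumes an open epgsql connection and the `users` table from the quoted UPDATE, and the rest runs without a database.

```erlang
-module(pg_quote_example).
-export([update_password/3, dollar_quote/1, demo/0]).

%% Preferred form (prepared statement / bind parameters): the statement
%% text is constant and the values travel separately, so nothing is quoted.
%% Conn is assumed to be an open epgsql connection.
update_password(Conn, Id, Hash) ->
    epgsql:equery(Conn,
                  "UPDATE users SET password = $1 WHERE id = $2",
                  [Hash, Id]).

%% Dollar quoting, for the case where a literal must be embedded in the
%% statement text. The tag carries 128 random bits rather than a PID,
%% and the data is checked against the finished delimiter.
dollar_quote(Data) when is_binary(Data) ->
    Tag = random_tag(),
    Delim = <<"$", Tag/binary, "$">>,
    case binary:match(Data, Delim) of
        nomatch -> <<Delim/binary, Data/binary, Delim/binary>>;
        _Found  -> dollar_quote(Data)  % practically unreachable: new tag
    end.

%% PostgreSQL tags follow unquoted-identifier rules (no leading digit,
%% no "$"), so the tag is a fixed letter followed by lowercase hex.
random_tag() ->
    Rand = crypto:strong_rand_bytes(16),
    Hex = << <<(hex_digit(N))>> || <<N:4>> <= Rand >>,
    <<"q", Hex/binary>>.

hex_digit(N) when N < 10 -> $0 + N;
hex_digit(N)             -> $a + N - 10.

%% Constructed sample input: the name from the thread plus a value that
%% itself contains "$" characters. Returns true when every literal is
%% framed by one delimiter that does not occur inside the data.
demo() ->
    Samples = [<<"O'Grady">>, <<"price is $5$ or $q$">>],
    lists:all(fun check/1, [{S, dollar_quote(S)} || S <- Samples]).

check({Data, Quoted}) ->
    Size = byte_size(Data),
    %% delimiter = "$" + "q" + 32 hex characters + "$" = 35 bytes
    <<Open:35/binary, Body:Size/binary, Close:35/binary>> = Quoted,
    Open =:= Close andalso Body =:= Data
        andalso binary:match(Data, Open) =:= nomatch.
```

After compiling the module, `pg_quote_example:demo()` returns `true`; the apostrophe in `O'Grady` needs no escaping inside a dollar-quoted literal.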



