[erlang-questions] Of regexes and REs, and other irritating things...
PAILLEAU Eric
eric.pailleau@REDACTED
Tue Aug 12 22:13:35 CEST 2014
Hi,
https://github.com/epgsql/epgsql is well known.
I know that the Zotonic Erlang CMS uses it, for instance.
(sorry, a bit off topic for this list)
Yes, PostgreSQL native clustering was a long time coming, while MySQL had
it a long time before. 9.x releases allow this.
The development process at Postgres is always a bit long, but like Debian,
stability is the key word.
You can have a look at:
http://www.repmgr.org/
https://wiki.postgresql.org/wiki/Replication,_Clustering,_and_Connection_Pooling
I can't give you any MySQL/PostgreSQL clustering comparison; it has been a long
time since I used MySQL. But maybe others can.
On 12/08/2014 20:22, Mike Oxford wrote:
> Thanks everyone. It's a small temporary app on a closed network with
> trusted clients. If you notice I'm not even fully protecting against
> SQL injection; no octals or whatnot are checked ... it's literally just
> for a few characters which people may type in (like O'Grady).
>
> Didn't know the internals of the MySQL protocol - I've just been using
> emysql and it seems to work fairly well. I've not done much postgres,
> but while it's always had a good reputation it never seemed to be quite
> as .... dynamic ... as the MySQL development process. I've been using
> MySQL, well, forever but I'm open to exploring postgres again after this
> project
>
> Which postgres clients (erlang) are considered solid and what's the
> consensus on their clustering compared to Galera/Percona?
>
> Thanks!
>
>
>
>
> On Mon, Aug 11, 2014 at 7:05 AM, PAILLEAU Eric <eric.pailleau@REDACTED> wrote:
>
> I agree.
>
> Note, what I like in PostgreSQL, contrary to MySQL, is the dollar
> quoting.
>
> In addition to the usual SQL injection protections on data input,
> you can also use dynamic dollar quoting, to make SQL injection
> attempts more complex:
>
> UPDATE users set password=$4896$new password hash$4896$ WHERE id=12345 ;
>
> 4896 is for instance the PID of the forked Apache process, or
> anything else with more entropy.
>
> The attacker can't guess this ID and injection is much much more
> complex...
>
>
> On 11/08/2014 09:51, Loïc Hoguin wrote:
>
> On 08/11/2014 06:02 AM, Mike Oxford wrote:
>
> I need to do some input sanitizing for use against MySQL.
>
>
> Are you saying you are going to take this data and put it inside a query
> string? This isn't going to protect anything, escaping doesn't prevent
> SQL injection. Why not use a prepared statement instead? This makes the
> data separate from the query, you don't need to do any escaping and
> MySQL takes care of everything for you. Also make sure you are using the
> *binary* protocol, not the *text* one, and you're pretty much set.
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
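The two techniques argued over in this thread, as an added example that is not part of any of the quoted mails: the dollar-quoted UPDATE from Eric's message rebuilt with a random tag instead of a PID and a check that the tag does not occur in the payload (PostgreSQL syntax only, so that part builds and re-parses the string without a server), and Loïc's point about prepared statements, shown against an in-memory SQLite table from Python's standard library so it runs offline. The `users` table, its rows and the function names are invented for the demo; SQLite does not model MySQL's backslash escapes or charset pitfalls, which is one more reason the parameterized path is the one to take.

```python
"""Added example: the two techniques discussed in this thread.

1. PostgreSQL dollar quoting with a random tag (the UPDATE from Eric's mail),
   built and re-parsed as a string only, since SQLite has no dollar quoting.
2. Prepared/parameterized statements versus "escape and concatenate",
   run against an in-memory SQLite table so it works offline.
All table and column names are made up for the demo.
"""
import secrets
import sqlite3


def dollar_quote(value: str, tag_bytes: int = 8) -> str:
    """Wrap value as $tag$value$tag$ with a tag that does not occur in value.

    PostgreSQL does no escape processing inside a dollar-quoted literal; it ends
    at the first exact occurrence of the closing tag.  The tag is therefore a
    per-statement secret: draw it from a CSPRNG (a PID, as the mail suggests,
    has very little entropy) and refuse to use a tag that appears in the data.
    """
    if "\x00" in value:
        raise ValueError("NUL byte cannot be stored in a PostgreSQL text value")
    while True:
        # A tag follows identifier rules: start with a letter, no '$' inside.
        delim = "$q" + secrets.token_hex(tag_bytes) + "$"
        if delim not in value:      # collision is astronomically unlikely, still checked
            return delim + value + delim


def build_password_update(user_id: int, new_hash: str) -> str:
    """The statement from the thread with a random tag instead of a PID."""
    if type(user_id) is not int:    # the id is interpolated unquoted; never accept a str
        raise TypeError("user_id must be an int")
    return f"UPDATE users SET password={dollar_quote(new_hash)} WHERE id={user_id};"


def quoted_payload(sql: str) -> str:
    """Extract the dollar-quoted literal the way the server's lexer does."""
    start = sql.index("$")
    end = sql.index("$", start + 1)
    delim = sql[start:end + 1]
    return sql[end + 1:sql.index(delim, end + 1)]


def demo_db() -> sqlite3.Connection:
    """Constructed sample table; ids and names are invented."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "O'Grady"), (2, "Smith"), (12345, "target")])
    return conn


def find_by_name_escaped(conn, name: str) -> list:
    """Quote doubling handles O'Grady in a quoted string context..."""
    escaped = name.replace("'", "''")
    rows = conn.execute(f"SELECT id FROM users WHERE name = '{escaped}'")
    return [r[0] for r in rows]


def find_by_id_escaped(conn, user_id: str) -> list:
    """...but the same escaping is useless where the value is not quoted."""
    escaped = user_id.replace("'", "''")
    rows = conn.execute(f"SELECT id FROM users WHERE id = {escaped}")
    return [r[0] for r in rows]


def find_by_id_prepared(conn, user_id) -> list:
    """Parameterized: the SQL text is fixed, the value is bound by the driver."""
    rows = conn.execute("SELECT id FROM users WHERE id = ?", (user_id,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    print(build_password_update(12345, "$4896$'; DROP TABLE users; --"))
    db = demo_db()
    print(find_by_id_escaped(db, "12345 OR 1=1"))   # every row: injected
    print(find_by_id_prepared(db, "12345 OR 1=1"))  # []: treated as data
```

The escaped lookup by name returns the right row for O'Grady, which is exactly why quote-escaping looks sufficient on a closed network with a few friendly inputs; the escaped lookup by id returns every row for `12345 OR 1=1`, while the bound parameter returns nothing because the driver hands the value to the engine as data, never as SQL text. The dollar-quoting helper is a defence in depth for statements that cannot be parameterized, not a replacement for binding.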