
Let multi statements be optional #500

Merged (2 commits), Sep 3, 2021

Conversation

@simlun (Contributor) commented Aug 30, 2021

Disabling multi statements can help protect against SQL injection attacks.

- Disabling multi statements can help protect against SQL injection
  attacks.
@methane (Member) commented Aug 30, 2021

Disabling multi statements cannot protect against SQL injection attacks.
Only placeholder can protect you from SQL injection.

@simlun (Contributor, Author) commented Aug 30, 2021

Yes, I agree, thanks for clarifying that.

The reason behind this PR is that some security experts consider it good practice to disable multi statements if you don’t intend to use them.

So I would really appreciate getting this merged to avoid having to use a forked version of this library.

Thank you for your fast response as well :)

@simlun (Contributor, Author) commented Sep 1, 2021

@methane would it be ok to merge this functionality if we rephrase the text a bit?

Companies have demands from customers with regards to this. And it would be great if the community software could comply; even though it doesn’t fix all security issues, it’s one step on the way to safer software out there :)

@simlun (Contributor, Author) commented Sep 2, 2021

Thank you for your feedback @methane

I’ve updated the PR now 👍
