Client-side SQL select #1
Comments
|
I believe we can use one of the node.js modules from https://nodejsmodules.org/tags/sanitize to solve that problem, but I haven't looked extensively into this yet. |
|
Those look like they sanitize user input, not SQL select statements. I wanted to do something like http://hiddentao.github.io/squel/ but sending the object to the server, sanitizing and converting it to a SQL statement there. For example, on client side we want "SELECT id,name,description FROM exercises where difficulty LIKE beginner LIMIT 20", so we create an object like {col:['id','name','description'],from:['exercises'],where:'difficulty LIKE beginner',limit:20}, send it to the server then we sanitize the object server side and reconstruct the query string intended by the client. Is there something that does that? Would that be difficult to build our selves? |
|
I don't quite understand why you would want to sanitize something other than user input. I don't see an obvious vulnerability if not from user input. I think we'll have to discuss this in person. |
|
Not happening. |
Is there any way to sanitize select statements so that we can create them client side? Then we could use very specific queries without having many functions to handle them server-side, while limiting exposure to SQL injection.
The text was updated successfully, but these errors were encountered: