Client-side SQL select #1
Is there any way to sanitize select statements so that we can create them client side? Then we could use very specific queries without having many functions to handle them server-side, while limiting exposure to SQL injection.
Comments
I believe we can use one of the node.js modules from https://nodejsmodules.org/tags/sanitize to solve that problem, but I haven't looked extensively into this yet.
Those look like they sanitize user input, not SQL select statements. I wanted to do something like http://hiddentao.github.io/squel/ but sending the object to the server, sanitizing and converting it to a SQL statement there. For example, on client side we want "SELECT id,name,description FROM exercises where difficulty LIKE beginner LIMIT 20", so we create an object like {col:['id','name','description'],from:['exercises'],where:'difficulty LIKE beginner',limit:20}, send it to the server, then we sanitize the object server side and reconstruct the query string intended by the client. Is there something that does that? Would that be difficult to build ourselves?
I don't quite understand why you would want to sanitize something other than user input. I don't see an obvious vulnerability if not from user input. I think we'll have to discuss this in person.
Not happening.
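The object-to-SQL scheme sketched in the second comment, worked through server side as an added example (not this project's code): the `SCHEMA` map, `buildSelect` and `MAX_LIMIT` are assumed names. Identifiers are only ever copied out of a whitelist, and the `where` value is bound as a parameter rather than spliced into the statement, so a client object can pick the shape of the query but cannot change its text.

```javascript
// Added example, not the project's own code. SCHEMA, buildSelect and
// MAX_LIMIT are assumed names; the table and columns are constructed.
const SCHEMA = {
  exercises: new Set(['id', 'name', 'description', 'difficulty']),
};
const OPERATORS = new Set(['=', '<>', '<', '>', '<=', '>=', 'LIKE']);
const MAX_LIMIT = 100;

// Accepts a client object such as
//   {col:['id','name'], from:['exercises'], where:'difficulty LIKE beginner', limit:20}
// and returns {sql, params} for a parameterized driver call. Every identifier is
// checked against SCHEMA, and the WHERE value never enters the SQL text.
function buildSelect(req) {
  if (!Array.isArray(req.from) || req.from.length !== 1) throw new Error('exactly one table');
  const table = req.from[0];
  const allowed = SCHEMA[table];
  if (!allowed) throw new Error('unknown table');
  if (!Array.isArray(req.col) || req.col.length === 0) throw new Error('no columns');
  const cols = req.col.map((c) => {
    if (!allowed.has(c)) throw new Error(`unknown column: ${c}`);
    return c;
  });
  let sql = `SELECT ${cols.join(', ')} FROM ${table}`;
  const params = [];
  if (req.where !== undefined) {
    // Only "column OP value" is accepted; the value becomes a bound parameter.
    const m = /^(\w+)\s+(=|<>|<=|>=|<|>|LIKE)\s+(.+)$/i.exec(String(req.where));
    if (!m || !allowed.has(m[1]) || !OPERATORS.has(m[2].toUpperCase())) throw new Error('bad where');
    sql += ` WHERE ${m[1]} ${m[2].toUpperCase()} ?`;
    params.push(m[3]);
  }
  if (req.limit !== undefined) {
    // LIMIT is interpolated, so it must be a bounded integer, not a string.
    if (!Number.isInteger(req.limit) || req.limit < 1 || req.limit > MAX_LIMIT) throw new Error('bad limit');
    sql += ` LIMIT ${req.limit}`;
  }
  return { sql, params };
}
```

Anything outside the whitelist (an unknown table, a column name carrying extra SQL, a non-integer limit) is rejected outright instead of being escaped, which is the property the issue asks for.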