how to prevent SQL injection

gg.lafon · 2014-05-30T07:05:33+00:00

Hello! On Thu, May 29, 2014 at 10:42 AM, rvsw wrote: > In the routine ngx_http_lua_body_filter_by_lua, I need to determine if the > directive for head...

how to prevent SQL injection

gg.lafon

Hello,

I looking for a way to prevent SQL injection from Postgresql 9.3

If you have any idea do not hesitate to share.

Thank you

Jérôme

agentzh

Hello!

On Thu, May 29, 2014 at 4:05 PM, Jerome Lafon wrote:
> I  looking for a way to prevent SQL injection from Postgresql 9.3
>
> If you have any idea do not hesitate to share.
>

See https://github.com/openresty/set-misc-nginx-module#set_quote_pgsql_str

And you can call it from within Lua via the ndk.set_var API below:

    https://github.com/openresty/lua-nginx-module#ndkset_vardirective

Regards,
-agentzh

gg.lafon

Tank you

Jerome

Le vendredi 30 mai 2014, Yichun Zhang (agentzh) <age...@gmail.com> a écrit :

Hello!

On Thu, May 29, 2014 at 4:05 PM, Jerome Lafon wrote:
> I looking for a way to prevent SQL injection from Postgresql 9.3
>
> If you have any idea do not hesitate to share.
>

See https://github.com/openresty/set-misc-nginx-module#set_quote_pgsql_str

And you can call it from within Lua via the ndk.set_var API below:

https://github.com/openresty/lua-nginx-module#ndkset_vardirective

Regards,
-agentzh.

ddragosd

I use NAXSI - [1]. It has OOTB rules for this.

DRAGOS 
[1] - https://www.owasp.org/index.php/OWASP_NAXSI_Project