Clojure Database Log Sanitization with Korma

I use Korma for the RESTful API, and it occurs to me that I pass the values passed by the user straight through my calls (insert). Is there a good way in Clojure to protect against SQL injection attacks? Korma generates SQL in a fairly simple way, so if someone told me that their name was Little Bobby Tables, I'm afraid it will hurt.

+4
1 answer

I understand that Korma always generates parameterized SQL, at least for select and insert (I have not personally tested the others), so Little Bobby Tables should be fine.

Carefully examine how these values are returned from the database. Sanitizing DB input does not protect against CSRF, XSS, etc. When working with Clojure and DB ↔ web interactions, I use the rule that all system components must encode data so that it is safe for the next server in the chain, and logical restrictions (for example, the maximum search size) are checked in advance in the Ring middleware.


+6
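An added example (not from the question or the answer, and not Korma's own code) that checks both halves of the answer: it renders the SQL Korma would send for an insert and a select without executing it, verifies that the hostile value only ever appears as a `?` placeholder, and escapes the value for the next hop in the chain (HTML). It assumes korma.core is on the classpath; the `users` entity and the hostile name are constructed for the demonstration, and no live database connection is needed because `sql-only` and `dry-run` only render queries.

```clojure
(ns sanitization.example
  (:require [korma.core :refer [defentity insert values select where
                                sql-only dry-run]]
            [clojure.string :as str]))

;; Constructed entity for the example; sql-only / dry-run never open a
;; connection, so no defdb is required here (assumption: korma on classpath).
(defentity users)

;; Constructed hostile input in the spirit of Little Bobby Tables.
(def hostile-name "Robert'); DROP TABLE students;--")

(defn insert-sql
  "Render the SQL Korma would send to insert `user-name`, without running it."
  [user-name]
  (sql-only (insert users (values {:name user-name}))))

(defn select-sql
  "Render the SQL Korma would send to look up `user-name`, without running it."
  [user-name]
  (sql-only (select users (where {:name user-name}))))

(defn parameterized?
  "True when the rendered statement carries the value as a `?` placeholder
   and the raw user string never appears in the statement text itself."
  [sql value]
  (and (str/includes? sql "?")
       (not (str/includes? sql value))))

;; Second half of the answer: the DB layer does not protect the next hop.
;; Encode for the consumer that receives the value; here that consumer is HTML.
(defn html-escape
  "Escape the characters that are significant to an HTML parser."
  [s]
  (str/escape s {\& "&amp;" \< "&lt;" \> "&gt;" \" "&quot;" \' "&#39;"}))

(defn -main [& _]
  (println "insert:" (insert-sql hostile-name))
  (println "select:" (select-sql hostile-name))
  (println "insert parameterized?" (parameterized? (insert-sql hostile-name) hostile-name))
  (println "select parameterized?" (parameterized? (select-sql hostile-name) hostile-name))
  ;; dry-run prints the statement together with the bound parameter vector,
  ;; which is where the literal value actually travels.
  (dry-run (insert users (values {:name hostile-name})))
  (println "for HTML:" (html-escape hostile-name)))
```

The `parameterized?` check is a cheap regression test to keep beside any query builder: if a future change ever splices a user string into the statement text, the predicate flips to false.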
