07e484bcc0023909364a4a01f67b6a2198e0cde4 galt Wed Sep 18 12:12:56 2013 -0700 Adding section about preventing sqli to src/README diff --git src/README src/README index 550ec9a..782ef05 100644 --- src/README +++ src/README @@ -260,18 +260,31 @@ of the module, just after the module opening comment and any includes. This is followed by broadly used module local (static) variables. Less broadly used structs and variables may be grouped with the functions they are used with. If a module is used by other modules, it will be represented in a header file. In the majority of cases one .h file corresponds to one .c file. Typically the opening comment is duplicated in .h and .c files, as are the public structure and function declarations and opening comments. In general we try, with mixed success, to keep modules less than 2000 lines. Sadly many of the Genome Browser specific modules are currently quite long. On the bright side the vast majority of the library modules are reasonably sized. +PREVENTING SQL-INJECTION + +In order to prevent SQL-Injection (sqli), we use primarily +a special function called sqlSafef() to construct properly +escaped SQL strings. + +The main article about preventing sqli is found here on genomewiki: + +http://genomewiki.ucsc.edu/index.php/Sql_injection_protection + +There are several other related and supporting +functions to defeat sqli. The function reference is found here: + +http://genomewiki.ucsc.edu/index.php/Sql-injection_safe_functions ==================================================================== -This file last updated: $Date: 2010/06/03 16:48:53 $
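Review bot: The new PREVENTING SQL-INJECTION section tells the reader that sqlSafef() is the primary defence but never shows how it is used or states when it is required, so the README only works if the two genomewiki pages are reachable; consider adding a one- or two-line usage of sqlSafef() inline (the format string with its escaped value, beside the unsafe string concatenation it replaces) and a sentence saying that any query built from runtime data must go through sqlSafef() or one of the related functions, so that the guidance stands on its own. Two smaller points in the same hunk: the header and body mix "SQL-Injection" and "sqli", and the rest of this README uses plain prose terms, so "SQL injection (SQLi)" throughout would be more consistent; and the hunk drops the "This file last updated: $Date ..." line without a replacement, which is fine if the CVS keyword is no longer expanded, but worth a word in the commit message since it is unrelated to the new section.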