Commit 9230abad authored by Benjamin Eberlei

Make users aware of security page by adding a SECURITY.md in root.

parent ca6a8dd2
Security
========
The Doctrine library is operating very close to your database and as such needs
to handle and make assumptions about SQL injection vulnerabilities.
It is vital that you understand how Doctrine approaches security, because
we cannot protect you from SQL injection.
Please read the documentation chapter on Security in Doctrine DBAL to
understand the assumptions we make.
- [Latest security.rst page on Github](https://github.com/doctrine/dbal/blob/master/docs/en/reference/security.rst)
- [Security Page in rendered documentation](http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/security.html)
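Review bot: The rendered-documentation link on the last line of SECURITY.md uses plain http://, which is a poor fit for a file whose whole purpose is to send users to security guidance; switch it to https:// if the docs host serves it. The file also tells readers where to read about Doctrine's assumptions but gives no way to report a vulnerability, so consider adding a contact line or a pointer to the reporting process. The first link tracks master, so it will follow any later move or rename of security.rst without notice.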
......@@ -28,9 +28,9 @@ There are however some exceptions.
The following APIs are designed to be **SAFE** from SQL injections:
- ``Doctrine\DBAL\Connection#insert($table, $values, $types)``
- ``Doctrine\DBAL\Connection#update($table, $values, $where, $types)``
- ``Doctrine\DBAL\Connection#delete($table, $where, $types)``
- ``$values`` in ``Doctrine\DBAL\Connection#insert($table, $values, $types)``
- ``$values`` in ``Doctrine\DBAL\Connection#update($table, $values, $where, $types)``
- ``$values`` in ``Doctrine\DBAL\Connection#delete($table, $where, $types)``
- ``Doctrine\DBAL\Query\QueryBuilder#setFirstResult($offset)``
- ``Doctrine\DBAL\Query\QueryBuilder#setMaxResults($limit)``
- ``Doctrine\DBAL\Platforms\AbstractPlatform#modifyLimitQuery($sql, $limit, $offset)`` for the ``$limit`` and ``$offset`` parameters.
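Review bot: The new delete entry names ``$values`` in ``Doctrine\DBAL\Connection#delete($table, $where, $types)``, but the signature shown has no ``$values`` parameter; this looks carried over from the insert and update lines and presumably should name ``$where``. Narrowing the update entry to ``$values`` also leaves the status of its ``$where`` argument unstated, so a reader cannot tell whether it is covered by the SAFE list or not. Since the change narrows the guarantee from whole methods to single arguments, it would help to say explicitly that ``$table`` and any argument not listed are outside it.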
......