[dventimihasura]

> That login service can be written to be virtually immune to SQL attacks because it doesn't have to handle generalized queries. Ban all the SQL control characters in usernames/passwords

Why? If that login service is a third-party provider, what does this accomplish?