It says in the documentation of RDS proxy that the connection is automaticaly pinned when the application uses a prepared statement:
Prepared statements cause the proxy to pin the session. This rule applies whether the prepared statement uses SQL text or the binary protocol. (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.html)
How am I supposed to protect my application against SQL injections while using RDS proxy? I am using this service to make the connection with the database faster in my microservices so I want the connection to be reused.
I tried to append
?binary_parameters=yes
or&binary_parameters=yes
to the connection string.i.e.
and I saw a drop on the pinned
prepared_statements
.I haven't followed that solution yet as I am still investigating if RDS proxy is still the best option for our use case.