On Thu, Jul 21, 2016 at 09:21:55AM -0400, Jim Mlodgenski wrote:
> On Thu, Jul 21, 2016 at 12:57 AM, David Fetter <da...@fetter.org> wrote:
> > Please find attached a patch which makes it possible to disallow
> > UPDATEs and DELETEs which lack a WHERE clause.  As this changes
> > query behavior, I've made the new GUCs PGC_SUSET.
> >
> > What say?
> >
> Can't you implement this as a extension?

Yes.  In that case, I'd want to make it a contrib extension, as it is
at least in theory attached to specific major versions of the backend.

Also, if it's not in contrib, we can basically forget about having
most people even know about it, let alone get specific separate
permission to use it in production.  That's reality, much as I would
like it not to be.

> The SQL Firewall project is already doing some similar concepts by
> catching prohibiting SQL and preventing it from executing.
> https://github.com/uptimejp/sql_firewall

That's very nice, but it illustrates my point perfectly.  The
extension is from a current respected and prolific contributor to the
community, but I had no idea that it was there, and by dint of writing
the PostgreSQL Weekly News, I keep closer tabs on external things
PostgreSQL than easily 99.9% of people who deploy it.

David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david(dot)fetter(at)gmail(dot)com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to