On Sat, Apr 26, 2008 at 1:19 PM, Thomas Mueller <[EMAIL PROTECTED]> wrote:
> Hi,
>
> > > The 'ALLOW_LITERALS NONE' mode is enabled by the developer itself, or
> > > by an administrator.
> > then it solves nothing...
> > what if the developer never SET ALLOW_LITERALS NONE
>
> As I have said, the 'ALLOW_LITERALS NONE' mode is enabled by the
> developer itself, or by an administrator. The developer may be lazy,
> but the administrator can enforce this policy.
>

but can't the developer allow literals again?

> > maybe i can inject "select * from tab where intcol = intcol; set
> > allow_literals all; add any query you want"
>
> How do you inject this? How would the application looks like where
> this can be injected?
>

ok... point taken

--
regards,
Jaime Casanova
PostgreSQL Support
Guayaquil - Ecuador
Cell (593) 087171157