Hi, > but can't the developer allow literals again?
Executing the statement SET ALLOW_LITERALS should be restricted. The application uses another user name / password and doesn't have to access rights to enable it. Maybe the user name / password is configured using JNDI, so the application developper has no influence on that. In any case, even if the developer can enable literals, I don't think he would, because he would be afraid to be caught cheating. Regards, Thomas -- Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-sql
