Hi, > I fail to see how the backend could distinguish between a query sent by a > query tool and a query sent by an "application".
The backend could use a different client library (a client library that doesn't allow literals). But in this case two or three client libraries are required. Probably better is to restrict in the database. There would be a user (or role) for the query tool and one for the application. Maybe the SET ALLOW_LITERALS is not such a good idea. What about REVOKE LITERAL_TEXT FROM APP_ROLE. So LITERAL_TEXT and LITERAL_NUMBER would be rights (similar to REVOKE USAGE ON LANGUAGE ... FROM ...). It's an access rights problem. Let's say there is a development database (DEV_DB) and a production (PROD_DB). There are two users / roles on those systems: APP_USER (no literals) and QUERY_TOOL_USER (literals allowed). The passwords are different on each system. Developers know the password for [EMAIL PROTECTED] and [EMAIL PROTECTED], but only [EMAIL PROTECTED] Or developers know all passwords, but the application configuration is rewieved not to use QUERY_TOOL_USER. Regards, Thomas -- Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-sql
