This may be more of a Postgres question than a Rails or Ruby question but 
... since I want to do this in a Rails environment ...

I store my Postgres password in an environment variable whose name is a 
long randomly generated string in the appropriate format for an Ubuntu 
environment variable name.

Is it possible to get a list of environment variables from a (SELECT?) 
statement when executing an arbitrary SQL statement such as the two 
immediately below?

# Get a connection to a user's database.
# Once my question is answered, I'll want to ask questions about how the
# statement immediately below interacts with Rails' connection pool.
conn = PGconn.connect("localhost", 5432,"","","my_database_development",
"MyUserName","MyObviousPassword")

exec_sql_stmt_OK =
"DROP TABLE IF EXISTS logs;
CREATE TABLE logs (
  client_ip inet,
  username text,
  ts timestamp,
  request text,
  status smallint,
  bytes int
);"

# Is there some way to break my security model?
# Note, I'm picking up the text of exec_sql_stmt_BAD_BAD_BAD from a form.
# Hence the use of single quotes to prevent interpolation.
exec_sql_stmt_BAD_BAD_BAD =
'
Some statement that will break my security model by giving a list of 
environment variables;
;'

# This will execute just fine
ret_exec_sql = conn.exec( exec_sql_stmt_OK )

# I hope there is no SQL statement that will fetch a list of environment
# variables if PL/R is not installed.
ret_exec_sql = conn.exec( exec_sql_stmt_BAD_BAD_BAD )

It is important to note that I have NOT installed R or PL/R.

Note: If PL/R is installed, one can use the plr_environ() function to get a 
list of environment variables.

Does anyone know a good (best?) forum to ask questions?  I see a Reddit link 
<https://www.reddit.com/r/PostgreSQL/comments/5nso64/what_are_the_best_postgres_forums/> 
but if you know of a better place, I'm all ears.
