On 2017-01-11 00:49:19 -0800, Guyren Howe wrote:
> I’m not following. What I would like is just a lightweight way to switch the
> connections to use a different role, or some moral equivalent, that would
> prevent an SQL injection from wreaking havoc. I’m not proposing anything that
> will change
On 01/11/2017 03:10 PM, Stephen Frost wrote:
* Tom Lane (t...@sss.pgh.pa.us) wrote:
>
> ...
If you end up having to dedicate each connection to a particular
unprivileged userID, then you can just open the connection as that
user to start with; a magic one-way privilege switch doesn't really
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Guyren Howe writes:
> > I’m not following. What I would like is just a lightweight way to switch
> > the connections to use a different role, or some moral equivalent, that
> > would prevent an SQL injection from wreaking havoc. I’m not
Guyren Howe writes:
> I’m not following. What I would like is just a lightweight way to switch the
> connections to use a different role, or some moral equivalent, that would
> prevent an SQL injection from wreaking havoc. I’m not proposing anything that
> will change
On 1/11/2017 12:49 AM, Guyren Howe wrote:
would prevent an SQL injection from wreaking havoc.
SQL injection is quite easy to avoid. Always make parameterized
queries, never use client-supplied data to assemble a query with string
concatenation.
Voila, no injection possible.
--
john r
On Jan 11, 2017, at 0:07 , John R Pierce wrote:
>
> On 1/10/2017 11:32 PM, Guyren Howe wrote:
>> Further to my recent inquiries about leveraging Postgres’ security features
>> from client apps, it appears to me that some likely reasonably simple
>> changes to those
On 1/10/2017 11:32 PM, Guyren Howe wrote:
Further to my recent inquiries about leveraging Postgres’ security
features from client apps, it appears to me that some likely
reasonably simple changes to those features would enable client apps
to better leverage what are otherwise great features.
Further to my recent inquiries about leveraging Postgres’ security features
from client apps, it appears to me that some likely reasonably simple changes
to those features would enable client apps to better leverage what are
otherwise great features.
*IF* we give our end users roles in