Re: [GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-13 Thread Peter J. Holzer
On 2017-01-11 00:49:19 -0800, Guyren Howe wrote: > I’m not following. What I would like is just a lightweight way to switch the > connections to use a different role, or some moral equivalent, that would > prevent an SQL injection from wreaking havoc. I’m not proposing anything that > will change

Re: [GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-11 Thread Tomas Vondra
On 01/11/2017 03:10 PM, Stephen Frost wrote: * Tom Lane (t...@sss.pgh.pa.us) wrote: > > ... If you end up having to dedicate each connection to a particular unprivileged userID, then you can just open the connection as that user to start with; a magic one-way privilege switch doesn't really

Re: [GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-11 Thread Stephen Frost
* Tom Lane (t...@sss.pgh.pa.us) wrote: > Guyren Howe writes: > > I’m not following. What I would like is just a lightweight way to switch > > the connections to use a different role, or some moral equivalent, that > > would prevent an SQL injection from wreaking havoc. I’m not

Re: [GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-11 Thread Tom Lane
Guyren Howe writes: > I’m not following. What I would like is just a lightweight way to switch the > connections to use a different role, or some moral equivalent, that would > prevent an SQL injection from wreaking havoc. I’m not proposing anything that > will change

Re: [GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-11 Thread John R Pierce
On 1/11/2017 12:49 AM, Guyren Howe wrote: would prevent an SQL injection from wreaking havoc. sql injection is quite easy to avoid. always make parameterized queries, never use client supplied data to assemble a query with string concatenation. voila, no injection possible. -- john r

Re: [GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-11 Thread Guyren Howe
On Jan 11, 2017, at 0:07, John R Pierce wrote: > > On 1/10/2017 11:32 PM, Guyren Howe wrote: >> Further to my recent inquiries about leveraging Postgres’ security features >> from client apps, it appears to me that some likely reasonably simple >> changes to those

Re: [GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-11 Thread John R Pierce
On 1/10/2017 11:32 PM, Guyren Howe wrote: Further to my recent inquiries about leveraging Postgres’ security features from client apps, it appears to me that some likely reasonably simple changes to those features would enable client apps to better leverage what are otherwise great features.

[GENERAL] Are new connection/security features in order, given connection pooling?

2017-01-10 Thread Guyren Howe
Further to my recent inquiries about leveraging Postgres’ security features from client apps, it appears to me that some likely reasonably simple changes to those features would enable client apps to better leverage what are otherwise great features. *IF* we give our end users roles in