Hello!
I'm developing a web application that needs to display data from a postgres
backend.
The most convenient way for the app to get the data is by expressing the
request in SQL.
I'm thinking about the following architecture
[ App/Client ] - query in SQL --- [Web server] --- same SQL
Hello World wrote:
Given this, are there any security or other issues with letting client
applications execute arbitrary SQL commands on the backend database?
There shouldn't be any security problems, just be careful that you don't give
the user more permissions than you want to.
But a user
Hello,
Thank you very much.
Denial of service is indeed a problem. Is there a way to limit the
execution time of a request?
I'm using libpq to communicate with the server.
PS. I've just taken a look, it seems I could do some asynchronous queries,
time them, then cancel them if they take too
On 30/04/14, Hello World (worldani...@gmail.com) wrote:
On Wed, Apr 30, 2014 at 12:32 AM, Hello World worldani...@gmail.com wrote:
Hello World wrote:
Denial of service is indeed a problem. Is there a way to limit the execution
time of a request?
Yes, setting statement_timeout.
But if a client can execute arbitrary statements, that could also
be statements like:
SET statement_timeout=0;
SET work_mem=1024GB;
I'm using
SET statement_timeout=0;
SET work_mem=1024GB;
I just realized about the SET command.
Isn't it weird that any user can set parameters such as this that will
apply server-wide, to all future sessions?
I noticed that some of the parameters can only be set by superusers, and
some require
They don't apply server-wide. They apply to that user's session:
http://www.postgresql.org/docs/8.4/interactive/sql-set.html
Geoff
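The two points made above (a role-level statement_timeout can be switched off by any client that is allowed to run arbitrary SQL, and SET only changes the current session) can be checked directly on a PostgreSQL server. The following is an added example, not code from the thread or from any participant; the role name app_reader, the password and the specific values are assumptions. The pg_settings query also shows why some parameters are refused for ordinary users, which the thread touches on but does not spell out.

```sql
-- Added example (not from the thread). Assumes a PostgreSQL server on which you
-- can create roles; the role app_reader and the password are hypothetical.

-- 1. As a superuser: give the web application's role a default timeout and a
--    modest sort/hash memory budget. These are only session defaults.
CREATE ROLE app_reader LOGIN PASSWORD 'example-only';
ALTER ROLE app_reader SET statement_timeout = '5s';
ALTER ROLE app_reader SET work_mem = '4MB';

-- 2. Who may change which parameter? The context column answers this:
--    'user'       any session can SET it (statement_timeout, work_mem)
--    'superuser'  superuser only
--    'sighup'/'postmaster'  only via postgresql.conf, reload or restart
SELECT name, context, setting, unit
  FROM pg_settings
 WHERE name IN ('statement_timeout', 'work_mem', 'log_statement', 'max_connections')
 ORDER BY name;

-- 3. In a session logged in as app_reader:
SHOW statement_timeout;          -- 5s, inherited from ALTER ROLE
SELECT pg_sleep(10);             -- ERROR: canceling statement due to statement timeout

-- Because statement_timeout has context 'user', an arbitrary-SQL client can
-- simply undo the limit. Nothing below requires any special privilege.
SET statement_timeout = 0;       -- 0 disables the limit
SELECT pg_sleep(10);             -- now runs to completion
SET work_mem = '1024GB';         -- accepted on a 64-bit build (under the per-setting maximum)
RESET statement_timeout;         -- back to the role default, 5s

-- 4. Scope: SET changes only this session. A second connection as app_reader
--    still starts with 5s. SET LOCAL is narrower still and ends with the transaction.
BEGIN;
SET LOCAL statement_timeout = '500ms';
SHOW statement_timeout;          -- 500ms
COMMIT;
SHOW statement_timeout;          -- 5s again

-- 5. Parameters with context 'superuser' are refused for app_reader regardless:
SET log_statement = 'none';      -- ERROR: permission denied to set parameter "log_statement"
```

The practical consequence is the one the original poster was already heading towards: for a client that is allowed to send arbitrary SQL, statement_timeout is a default, not a control, so the enforceable limit has to live where the client cannot SET it, for example in the web server holding the connection, which times the query itself and cancels it (libpq's PQcancel) when its own deadline passes.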
On Wed, Apr 30, 2014 at 6:19 AM, Hello World worldani...@gmail.com wrote: