Hi,
I have a question about preventing SET ROLE from being reset within a session.
I'll give some context for my question, but please note that the question is
not restricted to the technologies (XWiki, Groovy) that I'm using.
I'm working with a PostgreSQL 9.3 database that is interfaced via JD

Tom Lane wrote
>> I have a question about preventing SET ROLE from being reset within a
>> session.
>
> You can't; per SQL standard, SET ROLE NONE is supposed to do exactly that.
>
> I think you might be able to do something with invoking untrusted code
> inside a SECURITY DEFINER function. That

Melvin Davidson wrote:
>> The problem for me is that SET ROLE can be reversed with SET ROLE
>> NONE or RESET ROLE, so a user could set the role to access rows that
>> they should not be able to see.
>
> This is only partially true. While they can do SET ROLE NONE & RESET ROLE,
> they Cannot SET ROL

In a number of places on the web I've seen it claimed that ordering can be set
via prepared statements. Indeed, the expected syntax is accepted on my 9.3
server without errors:
sandbox=# CREATE TABLE test (
id serial PRIMARY KEY,
gender char
);
sandbox=# INSERT INTO test(gender) VALUES('m') VA

Sorry, I can't find any now. It's cropped up in a few forums, in the context of
executing queries from web services. Clearly not significantly enough to show
up in Google...
- Reply message -
From: "Adrian Klaver"
To: "Bryn Jeffries",
"pgsql-general

Paul Jungwirth wrote
> I'm not sure how to make a prepared statement that lets you name a
> column when you execute it. Maybe someone else can chime in if that's
> possible.
David J. responded
> You cannot. By definition parameters, in this context, are values - not
> identifiers.
> [...]
> In