Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-09-05 Thread Peter Eisentraut
On 6/14/17 10:05, Surafel Temesgen wrote: > PGC_POSTMASTER implies that it's an instance-wide setting. > Is is intentional? I can understand that it's more secure for this > not to > be changeable in an existing session, but it's also much less usable > if you > can't set

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-15 Thread Daniel Verite
Andres Freund wrote: > Since it's an application writer's choice whether to use it, > it seems to make not that much sense to have a > serverside guc - it can't really be sensible set. The application writers who are concerned by this wouldn't know that they have a choice. If there were

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-15 Thread Daniel Verite
Fabien COELHO wrote: > I'm not fully convinced by this feature: using multiple queries is a > useful trick to reduce network-related latency by combining several > queries in one packet. Devs and even ORMs could use this trick. It's proposed as an option. For apps that intentionally

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-14 Thread Pavel Stehule
2017-06-14 19:56 GMT+02:00 Andres Freund : > On 2017-06-12 10:32:57 -0400, Tom Lane wrote: > > "Daniel Verite" writes: > > > PGC_POSTMASTER implies that it's an instance-wide setting. > > > Is is intentional? I can understand that it's more secure for

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-14 Thread Andres Freund
On 2017-06-12 10:32:57 -0400, Tom Lane wrote: > "Daniel Verite" writes: > > PGC_POSTMASTER implies that it's an instance-wide setting. > > Is is intentional? I can understand that it's more secure for this not to > > be changeable in an existing session, but it's also

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-14 Thread Fabien COELHO
Hello Surafel, My 0.02€: I attach a patch that incorporate the comments and uses similar routines with the rest of the file rather than using command tag I'm not fully convinced by this feature: using multiple queries is a useful trick to reduce network-related latency by combining several

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-14 Thread Surafel Temesgen
On Mon, Jun 12, 2017 at 5:22 PM, Daniel Verite wrote: > > > PGC_POSTMASTER implies that it's an instance-wide setting. > Is is intentional? I can understand that it's more secure for this not to > be changeable in an existing session, but it's also much less usable if you

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-12 Thread Daniel Verite
Tom Lane wrote: > Bearing in mind that I'm not really for this at all... It's a band-aid, but certainly there are cases where a DBA confronted to a badly written website would just want to be able to: ALTER USER webuser SET allow_multiple_queries TO off; > But if an attacker is able

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-12 Thread Tom Lane
"Daniel Verite" writes: > PGC_POSTMASTER implies that it's an instance-wide setting. > Is is intentional? I can understand that it's more secure for this not to > be changeable in an existing session, but it's also much less usable if you > can't set it per-database and

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-12 Thread Daniel Verite
Surafel Temesgen wrote: > I modified the patch as such and added to commitfest 2017-07. A couple comments: + {"disallow_multiple_queries", PGC_POSTMASTER, CLIENT_CONN_OTHER, + gettext_noop("Disallow multiple queries per query string."), +

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-05-18 Thread Surafel Temesgen
hey Vaishnavi > > I think GUC's name can be something like "multiple_query_execution" and > setting it ON/OFF will be better. I think others will also come up with > some suggestions here as the current name doesn't go well with other > existing GUCs. > Thank you very much for the suggestion

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-05-17 Thread Vaishnavi Prabakaran
On Thu, May 18, 2017 at 2:56 AM, Surafel Temesgen wrote: > Sorry for being very late. I also think guc version of the patch can be > acceptable and useful. > > I modified the patch as such and added to commitfest 2017-07. > > > You need documentation changes in "libpq - C

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-05-17 Thread Surafel Temesgen
Sorry for being very late. I also think guc version of the patch can be acceptable and useful. I modified the patch as such and added to commitfest 2017-07. Regards Surafel On Sat, Mar 4, 2017 at 10:24 AM, Robert Haas wrote: > On Tue, Feb 28, 2017 at 7:34 PM, Tom

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-03-03 Thread Robert Haas
On Tue, Feb 28, 2017 at 7:34 PM, Tom Lane wrote: > Surafel Temesgen writes: >> This assignment is on todo list and has a benefit of providing an >> additional defense against SQL-injection attacks. > > This is on the todo list? Really? It seems

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-03-02 Thread Surafel Temesgen
As far as my understanding the issue at that time was inability to process creation of a database and connecting to it with one query string and that can be solved by fixing transaction restriction checks for CREATE DATABASE or disallowing multiple queries in PQexe. If the issue solved and

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-03-01 Thread Jim Nasby
On 2/28/17 2:45 PM, Andres Freund wrote: So if you don't want to allow multiple statements, use PQexecParams et al. That does leave most application authors out in the cold though, since they're using a higher level connection manager. If the maintenance burden isn't terribly high it would

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-02-28 Thread Andres Freund
On 2017-02-28 15:59:08 +0100, Andreas Karlsson wrote: > On 02/28/2017 03:13 PM, Bruce Momjian wrote: > > I might have added that one; the text is: > > > > Consider disallowing multiple queries in PQexec() > > as an additional barrier to SQL injection attacks > > > > and it is a

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-02-28 Thread Andreas Karlsson
On 02/28/2017 03:13 PM, Bruce Momjian wrote: I might have added that one; the text is: Consider disallowing multiple queries in PQexec() as an additional barrier to SQL injection attacks and it is a "consider" item. Should it be moved to the Wire Protocol Changes / v4 Protocol

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-02-28 Thread Bruce Momjian
On Tue, Feb 28, 2017 at 09:04:29AM -0500, Tom Lane wrote: > Surafel Temesgen writes: > > This assignment is on todo list and has a benefit of providing an > > additional defense against SQL-injection attacks. > > This is on the todo list? Really? It seems unlikely to be

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-02-28 Thread Tom Lane
Surafel Temesgen writes: > This assignment is on todo list and has a benefit of providing an > additional defense against SQL-injection attacks. This is on the todo list? Really? It seems unlikely to be worth the backwards-compatibility breakage. I certainly doubt that

[HACKERS] Disallowing multiple queries per PQexec()

2017-02-27 Thread Surafel Temesgen
This assignment is on todo list and has a benefit of providing an additional defense against SQL-injection attacks. Previous mailing list discussion is here and I attach a small patch that fix the issue by checking whether query