Re: [HACKERS] Disallowing multiple queries per PQexec()

On 6/14/17 10:05, Surafel Temesgen wrote: > PGC_POSTMASTER implies that it's an instance-wide setting. > Is is intentional? I can understand that it's more secure for this > not to > be changeable in an existing session, but it's also much less usable > if you > can't set it

Re: [HACKERS] Disallowing multiple queries per PQexec()

Andres Freund wrote: > Since it's an application writer's choice whether to use it, > it seems to make not that much sense to have a > serverside guc - it can't really be sensible set. The application writers who are concerned by this wouldn't know that they have a choice. If there were i

Re: [HACKERS] Disallowing multiple queries per PQexec()

Fabien COELHO wrote: > I'm not fully convinced by this feature: using multiple queries is a > useful trick to reduce network-related latency by combining several > queries in one packet. Devs and even ORMs could use this trick. It's proposed as an option. For apps that intentionally put

Re: [HACKERS] Disallowing multiple queries per PQexec()

2017-06-14 19:56 GMT+02:00 Andres Freund : > On 2017-06-12 10:32:57 -0400, Tom Lane wrote: > > "Daniel Verite" writes: > > > PGC_POSTMASTER implies that it's an instance-wide setting. > > > Is is intentional? I can understand that it's more secure for this not > to > > > be changeable in an exist

Re: [HACKERS] Disallowing multiple queries per PQexec()

On 2017-06-12 10:32:57 -0400, Tom Lane wrote: > "Daniel Verite" writes: > > PGC_POSTMASTER implies that it's an instance-wide setting. > > Is is intentional? I can understand that it's more secure for this not to > > be changeable in an existing session, but it's also much less usable if you > > c

Re: [HACKERS] Disallowing multiple queries per PQexec()

Hello Surafel, My 0.02€: I attach a patch that incorporate the comments and uses similar routines with the rest of the file rather than using command tag I'm not fully convinced by this feature: using multiple queries is a useful trick to reduce network-related latency by combining several

Re: [HACKERS] Disallowing multiple queries per PQexec()

On Mon, Jun 12, 2017 at 5:22 PM, Daniel Verite wrote: > > > PGC_POSTMASTER implies that it's an instance-wide setting. > Is is intentional? I can understand that it's more secure for this not to > be changeable in an existing session, but it's also much less usable if you > can't set it per-databa

Re: [HACKERS] Disallowing multiple queries per PQexec()

Tom Lane wrote: > Bearing in mind that I'm not really for this at all... It's a band-aid, but certainly there are cases where a DBA confronted to a badly written website would just want to be able to: ALTER USER webuser SET allow_multiple_queries TO off; > But if an attacker is able to

Re: [HACKERS] Disallowing multiple queries per PQexec()

"Daniel Verite" writes: > PGC_POSTMASTER implies that it's an instance-wide setting. > Is is intentional? I can understand that it's more secure for this not to > be changeable in an existing session, but it's also much less usable if you > can't set it per-database and per-user. > Maybe it should

Re: [HACKERS] Disallowing multiple queries per PQexec()

Surafel Temesgen wrote: > I modified the patch as such and added to commitfest 2017-07. A couple comments: + {"disallow_multiple_queries", PGC_POSTMASTER, CLIENT_CONN_OTHER, + gettext_noop("Disallow multiple queries per query string."), +

Re: [HACKERS] Disallowing multiple queries per PQexec()

hey Vaishnavi > > I think GUC's name can be something like "multiple_query_execution" and > setting it ON/OFF will be better. I think others will also come up with > some suggestions here as the current name doesn't go well with other > existing GUCs. > Thank you very much for the suggestion multi

Re: [HACKERS] Disallowing multiple queries per PQexec()

On Thu, May 18, 2017 at 2:56 AM, Surafel Temesgen wrote: > Sorry for being very late. I also think guc version of the patch can be > acceptable and useful. > > I modified the patch as such and added to commitfest 2017-07. > > > You need documentation changes in "libpq - C Library" chapter's PQexe

Re: [HACKERS] Disallowing multiple queries per PQexec()

Sorry for being very late. I also think guc version of the patch can be acceptable and useful. I modified the patch as such and added to commitfest 2017-07. Regards Surafel On Sat, Mar 4, 2017 at 10:24 AM, Robert Haas wrote: > On Tue, Feb 28, 2017 at 7:34 PM, Tom Lane wrote: > > Surafel T

Re: [HACKERS] Disallowing multiple queries per PQexec()

On Tue, Feb 28, 2017 at 7:34 PM, Tom Lane wrote: > Surafel Temesgen writes: >> This assignment is on todo list and has a benefit of providing an >> additional defense against SQL-injection attacks. > > This is on the todo list? Really? It seems unlikely to be worth the > backwards-compatibility

Re: [HACKERS] Disallowing multiple queries per PQexec()

As far as my understanding the issue at that time was inability to process creation of a database and connecting to it with one query string and that can be solved by fixing transaction restriction checks for CREATE DATABASE or disallowing multiple queries in PQexe. If the issue solved and all

Re: [HACKERS] Disallowing multiple queries per PQexec()

On 2/28/17 2:45 PM, Andres Freund wrote: So if you don't want to allow multiple statements, use PQexecParams et al. That does leave most application authors out in the cold though, since they're using a higher level connection manager. If the maintenance burden isn't terribly high it would b

Re: [HACKERS] Disallowing multiple queries per PQexec()

On 2017-02-28 15:59:08 +0100, Andreas Karlsson wrote: > On 02/28/2017 03:13 PM, Bruce Momjian wrote: > > I might have added that one; the text is: > > > > Consider disallowing multiple queries in PQexec() > > as an additional barrier to SQL injection attacks > > > > and it is a "consider"

Re: [HACKERS] Disallowing multiple queries per PQexec()

On 02/28/2017 03:13 PM, Bruce Momjian wrote: I might have added that one; the text is: Consider disallowing multiple queries in PQexec() as an additional barrier to SQL injection attacks and it is a "consider" item. Should it be moved to the Wire Protocol Changes / v4 Protocol

Re: [HACKERS] Disallowing multiple queries per PQexec()

On Tue, Feb 28, 2017 at 09:04:29AM -0500, Tom Lane wrote: > Surafel Temesgen writes: > > This assignment is on todo list and has a benefit of providing an > > additional defense against SQL-injection attacks. > > This is on the todo list? Really? It seems unlikely to be worth the > backwards-co

Re: [HACKERS] Disallowing multiple queries per PQexec()

Surafel Temesgen writes: > This assignment is on todo list and has a benefit of providing an > additional defense against SQL-injection attacks. This is on the todo list? Really? It seems unlikely to be worth the backwards-compatibility breakage. I certainly doubt that we could get away with u

[HACKERS] Disallowing multiple queries per PQexec()

This assignment is on todo list and has a benefit of providing an additional defense against SQL-injection attacks. Previous mailing list discussion is here and I attach a small patch that fix the issue by checking whether query