On Wednesday, October 28, 2015 at 4:21:06 PM UTC-7, Jeff wrote:
>
> The use case should have as minimal an impact on the database -- assume
> I'm not allowed to create new tables or even views, nor can I create a new
> user or permissions on the database. So it needs to be a code-level
> solution. Right now I just check for some common mutating SQL, like "delete
> from" or "insert into" and raise an exception if I see those.
>

The correct way to do this is to use a connection with limited access rights to the database (separate database user with specific access GRANTed). Trying to handle security in this way at the application level is a bad idea, but if you must do it and you are using PostgreSQL, you could wrap all of your code in a transaction that uses the :read_only option.

Thanks,
Jeremy
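
The two database-level controls named in the reply above, written out as PostgreSQL statements. This is an added example, not part of the original message; the role `report_reader`, database `appdb`, table `orders`, and the password placeholder are hypothetical.

```sql
-- Added example; role, database and table names are hypothetical.

-- 1) Limited-rights connection: a login role that can only read.
CREATE ROLE report_reader LOGIN PASSWORD '<placeholder-password>';
GRANT CONNECT ON DATABASE appdb TO report_reader;
GRANT USAGE ON SCHEMA public TO report_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO report_reader;

-- Tables created later (by the role running this statement) become
-- readable by report_reader as well.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
  GRANT SELECT ON TABLES TO report_reader;

-- Before PostgreSQL 15, every role could create objects in schema
-- public by default; revoke that so the reader role stays read-only.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 2) Read-only transaction: for when no new role can be created.
--    PostgreSQL itself rejects writes instead of the application
--    matching on SQL keywords.
BEGIN;
SET TRANSACTION READ ONLY;

SELECT count(*) FROM orders;       -- reads are allowed

DELETE FROM orders WHERE id = 1;
-- ERROR:  cannot execute DELETE in a read-only transaction

ROLLBACK;                          -- the failed transaction must be ended

-- Note: a read-only transaction still permits writes to temporary
-- tables, so it is a weaker boundary than the SELECT-only role above.
```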
