On Thu, Jun 14, 2018 at 12:22 PM Jeremy Evans <[email protected]> wrote:
> My approach would be to get a list of all valid schemas in the database,
> and compare against that:
>
>   schema_names = params[:schema_names] = ['foo', 'bar']
>   valid_schema_names = DB[:pg_namespace].select_order_map(:nspname)
>   raise unless (schema_names - valid_schema_names).empty?
>
> This is assuming you don't allow users to create arbitrary schema names.
> If you do, the whitelist is not going to help much.
>
> You may want to ask on a PostgreSQL mailing list about the safest way to
> do this, since the question isn't necessarily Sequel-specific.
>

Good answer. Thanks.
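
The allowlist comparison quoted above, as an added example that is not part of either message and is not Sequel's own code. It assumes the list of valid schemas has already been fetched (a constructed array stands in for the `pg_namespace` query result); `validate_schema_names`, `check`, `InvalidSchemaNames` and the exclusion of PostgreSQL's own schemas are hypothetical choices made for this example.

```ruby
class InvalidSchemaNames < StandardError; end

# pg_namespace also lists PostgreSQL's own schemas (the pg_ prefix is
# reserved for them). Excluding them is this example's assumption,
# not something stated in the thread.
SYSTEM_SCHEMA = /\A(pg_|information_schema\z)/

# Returns the requested names (deduplicated, order kept) when every one is
# an exact, case-sensitive match for an allowed schema; raises otherwise.
def validate_schema_names(requested, valid_schema_names)
  # Request params can arrive as a String, Hash or nil instead of an Array,
  # and `requested - allowed` would then fail with NoMethodError.
  unless requested.is_a?(Array) && !requested.empty? &&
         requested.all? { |n| n.is_a?(String) }
    raise InvalidSchemaNames, "expected a non-empty array of strings"
  end

  allowed = valid_schema_names.reject { |n| n.match?(SYSTEM_SCHEMA) }
  unknown = requested - allowed
  unless unknown.empty?
    raise InvalidSchemaNames,
          "unknown schema(s): #{unknown.map(&:inspect).join(', ')}"
  end
  requested.uniq
end

# Constructed sample data standing in for
# DB[:pg_namespace].select_order_map(:nspname).
VALID = %w[bar foo information_schema pg_catalog pg_toast public].freeze

# Wrapper that reports a rejection as a string instead of raising.
def check(requested)
  validate_schema_names(requested, VALID)
rescue InvalidSchemaNames => e
  "rejected: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  p check(%w[foo bar])      # both names are in the allowlist
  p check(%w[foo Foo])      # the comparison is case-sensitive
  p check('foo')            # wrong type: a String, not an Array
  p check(['pg_catalog'])   # system schema, excluded from the allowlist
end
```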
