| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Surafel Temesgen <surafel3000(at)gmail(dot)com>, Daniel Verite <daniel(at)manitou-mail(dot)org> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Disallowing multiple queries per PQexec() |
| Date: | 2017-09-05 12:42:11 |
| Message-ID: | 12f11da6-52b1-3738-6431-7a67d60d5078@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 6/14/17 10:05, Surafel Temesgen wrote:
> PGC_POSTMASTER implies that it's an instance-wide setting.
> Is is intentional? I can understand that it's more secure for this
> not to
> be changeable in an existing session, but it's also much less usable
> if you
> can't set it per-database and per-user.
> Maybe it should be PGC_SUSET ?
>
> It’s my misunderstanding I thought PGC_POSTMASTER set only by
> superuser and changed with a hard restart
>
> I attach a patch that incorporate the comments and uses similar routines
> with the rest of the file rather than using command tag
After reviewing the discussion, I'm inclined to reject this patch.
Several people have spoken out strongly against this patch. It's clear
that this feature wouldn't actually offer any absolute protection; it
just closes one particular hole. On the other hand, it introduces a
maintenance and management burden.
We already have libpq APIs that offer a more comprehensive protection
against SQL injection, so we can encourage users to use those, instead
of relying on uncertain measures such as this.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Travers | 2017-09-05 12:42:39 | Re: Proposal: pg_rewind to skip config files |
| Previous Message | Chris Travers | 2017-09-05 12:41:27 | Re: Proposal: pg_rewind to skip config files |