Re: Disallow SET command in a postgresql server

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Fabio Rueda Carrascosa <avances123(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Disallow SET command in a postgresql server
Date: 2013-04-09 15:47:12
Message-ID: 2243.1365522432@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Fabio Rueda Carrascosa <avances123(at)gmail(dot)com> writes:
> Im planning to publish my postgresql server to a few untrusted clients.
> I dont want them to modify any runtime setting, like work_mem or something
> risky to my server. In general I assume the pg_catalog schema is public but
> I don't want to allow updating pg_settings at all.

If you're allowing untrustworthy users to execute arbitrary SQL,
preventing them from using SET would not make very much difference
in how much trouble they can cause. You're wasting your time worrying
about this.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Fabio Rueda Carrascosa 2013-04-09 15:57:50 Re: Disallow SET command in a postgresql server
Previous Message Fabio Rueda Carrascosa 2013-04-09 15:28:25 Disallow SET command in a postgresql server