What is the best way to run an arbitrary
query received from an untrusted source,
safely?
(I want a web page form with a textbox where
a user can enter an arbitrary SQL statement,
then run it, but I want to prevent them from
changing anything or escaping PostgreSQL
and executing system commands. I.e., it
is intended to allow for searching only.
I understand and accept that resource-hogging
queries could be submitted, constituting a DoS
attack, but I will deal with that in other
ways.)
I am thinking that running the query on a
connection with a role that gives only select
privileges might be sufficient. Is it? Any
things I need to watch out for? Any other
or better ways to do this?
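
The select-only role described in the question, written out as an added example that is not part of the original post. The database, schema and role names (appdb, search_data, web_search) and the password are assumptions.

```sql
-- Added example. appdb, search_data and web_search are assumed names.
-- Run as a superuser or as the owner of the database and schema.

-- A login role with no administrative attributes and no inherited memberships.
CREATE ROLE web_search LOGIN PASSWORD 'replace-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOINHERIT;

-- Every role also holds whatever is granted to PUBLIC, so trim that first.
-- Note: this affects all roles that relied on PUBLIC for these privileges.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE TEMPORARY ON DATABASE appdb FROM PUBLIC;

-- Grant only what searching needs.
GRANT CONNECT ON DATABASE appdb TO web_search;
GRANT USAGE ON SCHEMA search_data TO web_search;
GRANT SELECT ON ALL TABLES IN SCHEMA search_data TO web_search;

-- Extra layer only: the session itself can switch this setting off again,
-- so the grants above remain the actual boundary.
ALTER ROLE web_search SET default_transaction_read_only = on;

-- Check 1: table privileges other than SELECT granted to the role directly
-- (expect zero rows).
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'web_search'
  AND privilege_type <> 'SELECT';

-- Check 2: effective privileges, including those that come via PUBLIC
-- (expect false for every column).
SELECT has_schema_privilege('web_search', 'public', 'CREATE')      AS can_create_in_public,
       has_schema_privilege('web_search', 'search_data', 'CREATE') AS can_create_in_search_data,
       has_database_privilege('web_search', 'appdb', 'TEMPORARY')  AS can_create_temp_tables;

-- A SELECT can still call any function the role may EXECUTE, and functions
-- are executable by PUBLIC by default. List SECURITY DEFINER functions the
-- role can call and review each one for side effects.
SELECT p.oid::regprocedure AS callable_security_definer_function
FROM pg_proc p
WHERE p.prosecdef
  AND has_function_privilege('web_search', p.oid, 'EXECUTE');
```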