Quick Links

Re: Running untrusted sql safely?

From:	John R Pierce <pierce(at)hogranch(dot)com>
To:	Stuart McGraw <smcg2297(at)frii(dot)com>, pgsql-general(at)postgresql(dot)org
Subject:	Re: Running untrusted sql safely?
Date:	2009-02-15 21:03:01
Message-ID:	49988305.5020101@hogranch.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Stuart McGraw wrote:
> What is the best way to run an arbitrary
> query received from an untrusted source,
> safely?
>
> (I want a web page form with a textbox that
> a user can enter an arbitrary sql statement,
> then run it .....
>

just keep http://xkcd.com/327/ in mind.

In response to

Running untrusted sql safely? at 2009-02-15 20:17:28 from Stuart McGraw

Responses

Re: Running untrusted sql safely? at 2009-02-15 22:09:27 from Stuart McGraw

Browse pgsql-general by date

	From	Date	Subject
Next Message	Bob Pawley	2009-02-15 21:41:14	Attempting to connect
Previous Message	Stuart McGraw	2009-02-15 20:17:28	Running untrusted sql safely?