Quick Links

Re: Running untrusted sql safely?

From:	Stuart McGraw <smcg2297(at)frii(dot)com>
To:	pgsql-general(at)postgresql(dot)org
Subject:	Re: Running untrusted sql safely?
Date:	2009-02-15 22:09:27
Message-ID:	49989297.5070007@frii.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

John R Pierce wrote:
> Stuart McGraw wrote:
>> What is the best way to run an arbitrary
>> query received from an untrusted source,
>> safely?
>>
>> (I want a web page form with a textbox that
>> a user can enter an arbitrary sql statement,
>> then run it .....
>
> just keep http://xkcd.com/327/ in mind.

Yes, exactly what I would like some advice
on avoiding! :-)

In response to

Re: Running untrusted sql safely? at 2009-02-15 21:03:01 from John R Pierce

Responses

Re: Running untrusted sql safely? at 2009-02-15 22:29:23 from Scott Marlowe

Browse pgsql-general by date

	From	Date	Subject
Next Message	Lennin Caro	2009-02-15 22:18:21	Re: pg_hba reload
Previous Message	Bob Pawley	2009-02-15 22:04:36	Re: Attempting to connect