From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
---|---|
To: | 野村 <nomura(at)ir-alt(dot)co(dot)jp> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: javascript and postgres |
Date: | 2009-02-24 06:54:20 |
Message-ID: | 49A3999C.5060102@postnewspapers.com.au |
Lists: | pgsql-general |
野村 wrote:
> Hello all.
>
> My javascript connects with postgres using php.
> php responds with XML for my select request.
> I wonder, is there any way to access postgres directly?

Nothing stops you passing SQL snippets from JavaScript into your PHP
code, which then dispatches them to the server and returns the results.

This is a really, really, REALLY bad idea. It allows anybody with the
ability to access your XML-RPC interface for PHP (say via XMLHttpRequest
in their browser) to send whatever SQL code they want to your server.

Do not do this unless you would also be comfortable opening the
PostgreSQL server port for direct Internet access and publishing the
username and password to use on your website. That's effectively what
you would be doing.

--
Craig Ringer
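
Added example, not part of the original message: the alternative to the SQL pass-through warned against above, where the PHP side keeps the SQL and the browser sends only a query name and typed parameters. The query name, the `orders` table and `run_named_query` are hypothetical, and in-memory SQLite stands in for PostgreSQL so the script runs offline.

```php
<?php
// Server-side table of permitted queries (names, table and columns are hypothetical).
const QUERIES = [
    'orders_by_customer' => [
        'sql'    => 'SELECT id, total FROM orders WHERE customer_id = :customer_id ORDER BY id',
        'params' => ['customer_id' => FILTER_VALIDATE_INT],
    ],
];

// The browser sends a query name plus parameters; it never supplies SQL text.
function run_named_query(PDO $db, array $request): array
{
    $name = $request['query'] ?? null;
    if (!is_string($name) || !array_key_exists($name, QUERIES)) {
        throw new InvalidArgumentException('unknown query');
    }
    $bound = [];
    foreach (QUERIES[$name]['params'] as $param => $filter) {
        $value = filter_var($request[$param] ?? null, $filter);
        if ($value === false) {
            throw new InvalidArgumentException("bad parameter: $param");
        }
        $bound[$param] = $value;
    }
    $stmt = $db->prepare(QUERIES[$name]['sql']); // SQL comes only from the table above
    $stmt->execute($bound);                      // client values travel as bound parameters
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo: in-memory SQLite stands in for PostgreSQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total NUMERIC)');
$db->exec('INSERT INTO orders (customer_id, total) VALUES (7, 19.5), (8, 4), (7, 3)');

$requests = [ // constructed request bodies, as decoded from the client
    ['query' => 'orders_by_customer', 'customer_id' => '7'],
    ['query' => 'orders_by_customer', 'customer_id' => '7 OR 1=1'],
    ['query' => 'DROP TABLE orders'],
];
foreach ($requests as $request) {
    try {
        echo json_encode(run_named_query($db, $request)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```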