Re: Security Issues: Allowing Clients to Execute SQL in the Backend.

From: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: "Hello World *EXTERN*" <worldanizer(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Security Issues: Allowing Clients to Execute SQL in the Backend.
Date: 2014-04-30 07:44:08
Message-ID: A737B7A37273E048B164557ADEF4A58B17CF50D9@ntex2010i.host.magwien.gv.at
Lists: pgsql-general

Hello World wrote:
> Given this, are there any other security issues about letting client applications execute arbitrary SQL
> commands on the backend database?

There shouldn't be any security problems, just be careful that you don't give the
user more permissions than you want to.

But a user who can execute arbitrary queries can easily bring the system down:
You can write SQL queries that keep a CPU 100% busy, that exhaust disk space
and possibly memory.

Yours,
Laurenz Albe
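
The following is an added example, not part of the original message: one way to set up a least-privilege role for such a client and to put default caps on CPU time, temporary disk space and per-operation memory. The role `app_client`, database `appdb`, schema `app` and table `app.orders` are hypothetical names.

```sql
-- Constructed example: app_client, appdb, app and app.orders are hypothetical.
-- Run as a superuser (temp_file_limit can only be set by a superuser).
BEGIN;

-- Login role for the client: no administrative attributes, and a cap on
-- the number of concurrent sessions it can hold open.
CREATE ROLE app_client LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
    CONNECTION LIMIT 5;

-- PUBLIC carries default privileges that every role inherits:
-- CONNECT and TEMPORARY on databases, and (before PostgreSQL 15)
-- CREATE on schema public. Remove them, then grant back only CONNECT.
-- Note: this affects every role that relied on PUBLIC for appdb.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_client;

-- Grant exactly the objects and operations the client needs.
GRANT USAGE ON SCHEMA app TO app_client;
GRANT SELECT, INSERT ON app.orders TO app_client;

-- Per-role session defaults that bound resource use.
ALTER ROLE app_client SET statement_timeout = '5s';   -- abort long-running statements
ALTER ROLE app_client SET temp_file_limit   = '1GB';  -- cap temp files per process
ALTER ROLE app_client SET work_mem          = '16MB'; -- memory per sort/hash operation

COMMIT;

-- Check the result: role attributes and the per-role settings.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolconnlimit, rolconfig
FROM pg_roles
WHERE rolname = 'app_client';
```

`statement_timeout` and `work_mem` are ordinary user-settable parameters, so a client that can run arbitrary SQL can change them with `SET` in its own session; of the three, only `temp_file_limit` is restricted to superusers. The privilege grants and the connection limit are what the client cannot override.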
