Is it possible to do some damage to database with SELECT query?

From: "Teemu Juntunen" <teemu(dot)juntunen(at)e-ngine(dot)fi>
To: <pgsql-general(at)postgresql(dot)org>
Subject: Is it possible to do some damage to database with SELECT query?
Date: 2008-07-22 09:50:31
Message-ID: BAA5BC857BBC48E6A6179A9424987E5B@eng02
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hi,

is it possible to make a SELECT query with some nasty follow up commands,
which damages the database.

Something like:

SELECT *,(DROP DATABASE enterprise) AS roger FROM sales WHERE sales >
(UPDATE order SET order=1);

I know this wont work, but is there some possibility to modify database with
SELECT query?

I'm developing an ERP where I would like to implement a statistical program
where you can write your own SELECT queries.

Best Regards,
Teemu Juntunen

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message A. Kretschmer 2008-07-22 10:20:46 Re: Is it possible to do some damage to database with SELECT query?
Previous Message Daniel Chiaramello 2008-07-22 09:48:41 Using ISpell dictionary - headaches...