Hello, Is het possible tot REVOKE the ALTER USER command? In such a way that users cannot change their password and username? And also cannot delete themeself with DROP USER?
Now I solve the problem in PHP, to filter de SQL query string behore sending to postgresql as follows:
1. selete double, triple etc, spaces (with regular expression: ~ {2,}~)
2. upper the string (with strtoupper())
3. delete SQL commondos (with '#(ALTER USER|DROP USER)#siU'
but you can still create a pgsql function that's excute SQL commando's and maybe other ways... So this isn't a good option.
I can't make new database users. That is forbidden by my host. So i don't want to lose any users. Has someone ideas??
Greetz, Tjibbe
_________________________________________________________________
Zoek met Live Search en ervaar het verschil. Test het NU, klik hier!
http://www.live.com/?mkt=nl-nl