Quick Links

Re: Security Issues: Allowing Clients to Execute SQL in the Backend.

From:	Hello World <worldanizer(at)gmail(dot)com>
To:	Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject:	Re: Security Issues: Allowing Clients to Execute SQL in the Backend.
Date:	2014-04-30 10:19:31
Message-ID:	CAB8jeLncNnnS-ePEkwAL-Z--rk_1x+fXWsRYCzMh1QbjcdqKFw@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

> SET statement_timeout=0;
> SET work_mem=1024GB;
>

I just realized about the SET command.

Isn't it weird that any user can set parameters such as this that will
apply server wide? to all future sessions?

I noticed that some of the parameters can only be set by superusers, and
some require re-start, but still. Anybody can re-configure the server.....
??

In response to

Re: Security Issues: Allowing Clients to Execute SQL in the Backend. at 2014-04-30 09:44:04 from Albe Laurenz

Responses

Re: Security Issues: Allowing Clients to Execute SQL in the Backend. at 2014-04-30 11:08:53 from Geoff Montee

Browse pgsql-general by date

	From	Date	Subject
Next Message	Francisco Olarte	2014-04-30 11:03:03	Re: Vacuuming strategy
Previous Message	Willy-Bas Loos	2014-04-30 09:50:06	Re: importing a messy text file