From: | "Webb Sprague" <webb(dot)sprague(at)gmail(dot)com> |
---|---|
To: | "Steve Atkins" <steve(at)blighty(dot)com> |
Cc: | "pgsql General" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection? |
Date: | 2008-11-04 19:46:54 |
Message-ID: | b11ea23c0811041146k3136f656jdc3e24c7dd30afc5@mail.gmail.com |
Lists: | pgsql-general |

> Or do it with simple combo boxes if you
> want to limit the users to crippled queries.)

I want to limit my users to *half* crippled queries -- arbitrary
column lists, where clauses, group by lists, and sort by lists. I
want to make sure that they aren't doing any data modifications nested
inside a where clause or a column definition as a subquery.

> I don't see anything that suggests hacking the SQL parser
> is going to be a useful thing to do.

I would think that I could *use* (definitely not hack -- good god!)
the parser to ask how deep the nested subqueries are, etc.

> I'm guessing that roles, constraints, resource limits and possibly
> a sacrificial replicated database will provide the answer to your
> actual problem, but we'd need to know what that is first.

I am thinking that I may need to give them all, as in all or
nothing..., and kind of follow David Wilson's plan above. I was
hoping someone had already done what Sam Mason suggested as being the
"fun thing", though ...

Oh -- I think query builders are a thing of the devil.

Thanks to all for putting up with my lack of good writing.

-W