| From: | "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> |
|---|---|
| To: | "Webb Sprague" <webb(dot)sprague(at)gmail(dot)com> |
| Cc: | "Steve Atkins" <steve(at)blighty(dot)com>, "pgsql General" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection? |
| Date: | 2008-11-04 21:21:45 |
| Message-ID: | dcc563d10811041321n48ef01d6odabb320cb5afb5b7@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, Nov 4, 2008 at 12:46 PM, Webb Sprague <webb(dot)sprague(at)gmail(dot)com> wrote:
>> Or do it with simple combo boxes if you
>> want to limit the users to crippled queries.)
>
> I want to limit my users to *half* crippled queries -- arbitrary
> column lists, where clauses, group by lists, and sort by lists. I
> want to make sure that they aren't doing any data modifications nested
> inside a where clause or a column definition as a subquery.
>
Well, setting proper permissions will prevent them from making
changes. So I do think the generic "throw a query at the db and turn
the result into a table" will probably work ok. As long as you aren't
talking millions of rows. You could detect result sets over x number
of rows and just give the user a link to download the data in a csv
file if it's over that threshold.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | A.M. | 2008-11-04 21:26:05 | Re: postgresql and Mac OS X |
| Previous Message | Steve Atkins | 2008-11-04 21:15:06 | Re: postgresql and Mac OS X |