Re: Questions for Meredith

From: Quinn Weaver <quinn(at)fairpath(dot)com>
To: sfpug(at)postgresql(dot)org
Subject: Re: Questions for Meredith
Date: 2007-01-15 01:27:17
Message-ID: 20070115012717.GA23081@tao.fairpath.com
Lists: sfpug

On Fri, Jan 12, 2007 at 10:50:23PM -0800, Meredith L. Patterson wrote:

> [...]

> The bracket notation is convenient, but this all-or-one-or-nothing
> nature somewhat betrays the philosophy behind Dejector. If the goal is
> to create a restricted sublanguage, then it should be possible to
> selectively disallow some rule applications. For instance, if you could
> remove the rule
>
> <a_expr> ::= <a_expr> OR <a_expr>
>
> from your sublanguage, you've just removed the "OR 1=1" attack while
> still allowing other <a_expr>s into your WHERE clause.

It would be nice to have a good default restricted language built into
Dejector. For instance, Dejector should probably _always_ disallow the rule
you cite above, unless the client code explicitly overrides that behavior.
You know, secure by default... because otherwise people won't do it right.

The trick would be getting all the use cases right. Not easy, but I
bet vetting them with this list would be a good place to start.

--
Quinn Weaver DBA Fairpath
http://fairpath.com/quinn/contact/
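An added example, not code from Dejector or from either poster, of what removing a production from the sublanguage looks like in practice: a toy recursive-descent recogniser for a WHERE-clause `<a_expr>` whose productions can be switched off individually, so that with the OR production removed "OR 1=1" no longer parses while AND-joined comparisons still do. The grammar, token set and rule names ("or", "and", "paren") are constructed for this illustration and the OR production is disabled by default, in the secure-by-default spirit of the reply above.

```python
import re

# Constructed toy grammar for a WHERE-clause <a_expr> (not Dejector's own grammar):
#   <a_expr> ::= <a_expr> OR <a_expr> | <a_expr> AND <a_expr>
#              | ( <a_expr> ) | <value> <cmp_op> <value>
#   <value>  ::= identifier | number | 'string'
TOKEN = r"\d+|[A-Za-z_]\w*|'(?:[^']|'')*'|<=|>=|<>|!=|[=<>()]"

def kind_of(v):
    """Keywords and parens are their own token kind; VAL covers every <value>."""
    if v.upper() in ("AND", "OR") or v in "()":
        return v.upper()
    return "VAL" if v[0].isalnum() or v[0] in "_'" else "OP"

def tokenize(text):
    """Lex into (kind, value) pairs; any character outside TOKEN rejects the input."""
    if not re.fullmatch(rf"(?:\s*(?:{TOKEN}))*\s*", text):
        raise ValueError("character outside the grammar's token set")
    return [(kind_of(v), v) for v in re.findall(TOKEN, text)]

class RestrictedParser:
    """Recursive-descent recogniser; `disabled` names the productions ("or", "and",
    "paren") removed from the sublanguage. The OR production is off by default."""
    def __init__(self, disabled=("or",)):
        self.disabled = set(disabled)

    def accepts(self, text):
        """True iff the whole text is an <a_expr> of the restricted sublanguage."""
        try:
            self.toks, self.i = tokenize(text), 0
            self.a_expr()
            return self.i == len(self.toks)      # leftover tokens reject the input too
        except ValueError:
            return False

    def peek(self):
        return self.toks[self.i][0] if self.i < len(self.toks) else None

    def take(self, kind, rule=None):
        # Applying a removed production is a parse error, not a silent fallback.
        if rule in self.disabled or self.peek() != kind:
            raise ValueError(f"cannot apply {rule or kind} here")
        self.i += 1

    def a_expr(self):                            # OR binds loosest
        self.and_expr()
        while self.peek() == "OR":
            self.take("OR", "or"); self.and_expr()

    def and_expr(self):
        self.primary()
        while self.peek() == "AND":
            self.take("AND", "and"); self.primary()

    def primary(self):
        if self.peek() == "(":
            self.take("(", "paren"); self.a_expr(); return self.take(")")
        self.take("VAL"); self.take("OP"); self.take("VAL")   # <value> <cmp_op> <value>
```

Because the recogniser is a whitelist, anything outside the token set (a semicolon, a comment marker, an unterminated string) is rejected before parsing even starts.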
