| From: | "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com> |
|---|---|
| To: | "Thomas Kellerer" <spam_eater(at)gmx(dot)net> |
| Cc: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Protection from SQL injection |
| Date: | 2008-04-27 08:48:55 |
| Message-ID: | 5f211bd50804270148i3f658043o8f7f13852859922b@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
Hi,
> I fail to see how the backend could distinguish between a query sent by a
> query tool and a query sent by an "application".
The backend could use a different client library (a client library
that doesn't allow literals). But in this case two or three client
libraries are required.
Probably better is to restrict in the database.
There would be a user (or role) for the query tool and one for the
application. Maybe the SET ALLOW_LITERALS is not such a good idea.
What about REVOKE LITERAL_TEXT FROM APP_ROLE. So LITERAL_TEXT and
LITERAL_NUMBER would be rights (similar to REVOKE USAGE ON LANGUAGE
... FROM ...).
It's an access rights problem. Let's say there is a development
database (DEV_DB) and a production (PROD_DB). There are two users /
roles on those systems: APP_USER (no literals) and QUERY_TOOL_USER
(literals allowed). The passwords are different on each system.
Developers know the password for QUERY_TOOL_USER(at)DEV_DB and
APP_USER(at)DEV_DB, but only APP_USER(at)PROD_DB(dot) Or developers know all
passwords, but the application configuration is rewieved not to use
QUERY_TOOL_USER.
Regards,
Thomas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Mueller | 2008-04-27 09:08:56 | Re: Protection from SQL injection |
| Previous Message | Thomas Mueller | 2008-04-27 07:08:30 | Re: Protection from SQL injection |