| From: | John DeSoi <desoi(at)pgedit(dot)com> |
|---|---|
| To: | Daniel Cristian Cruz <danielcristian(at)gmail(dot)com> |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Revoking usage of pg_catalog |
| Date: | 2007-05-09 23:47:57 |
| Message-ID: | 607E7698-2481-4FB0-A790-2230251B7424@pgedit.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On May 9, 2007, at 2:09 PM, Daniel Cristian Cruz wrote:
> It's a web application user. I was trying to make some database magic,
> hardening SQL injections... But its wrong, the application must be
> secure. Unfortunelly I can't have a database user for each web user...
I don't see the issue if users don't connect directly to the
database, only through your web application. You then have complete
control over any query executed. You should not have to worry about
SQL injection if you use prepared queries and stored procedures.
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Carin Westblom | 2007-05-10 03:56:13 | finding fragmented tables |
| Previous Message | Srinivas Kotapally | 2007-05-09 21:15:31 | Issue with upgrade |