From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | David Fetter <david(at)fetter(dot)org>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE |
Date: | 2016-09-11 03:08:58 |
Message-ID: | 361cb074-285d-c9fe-ef6f-71374e59b3cb@BlueTreble.com |
Lists: | pgsql-hackers |

On 8/1/16 11:38 AM, Bruce Momjian wrote:
> I am hoping for a "novice" mode that issues warnings about possible
> bugs, e.g. unintentionally-correlated subselect, and this could be part
> of that.

Somewhat related; I've recently been wondering about a mode that
disallows Const's in queries coming from specific roles. The idea there
is to make it impossible for an application to pass a constant in, which
would make it impossible for SQL injection to happen. With how magical
modern frameworks/languages are, it's often impossible to enforce that
at the application layer.

--
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
855-TREBLE2 (855-873-2532) mobile: 512-569-9461
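
The policy proposed in this message, sketched as an added example that is not part of the original email and is not PostgreSQL code: statements from restricted roles are rejected when they carry literal constants, so values can only arrive as bind parameters. Assumptions: the role name `webapp` is hypothetical, and a lexical scan of the statement text stands in for a check on `Const` nodes in the parsed query.

```python
import re

# Roles subject to the no-constants rule (hypothetical name for this example).
RESTRICTED_ROLES = {"webapp"}

# Lexical stand-in for "this statement would contain a Const node".
# Order matters: comments and quoted identifiers are consumed first so their
# contents are never mistaken for literals, and identifiers precede numbers
# so the "1" in table1 is not flagged. Keyword constants (NULL, TRUE) and
# E'...' backslash escapes are not covered.
TOKEN = re.compile(r"""
    (?P<skip>--[^\n]*|/\*.*?\*/|"(?:[^"]|"")*")
  | (?P<param>\$\d+)
  | (?P<string>'(?:[^']|'')*'|\$(?P<tag>[A-Za-z_]\w*|)\$.*?\$(?P=tag)\$)
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<number>\d+(?:\.\d*)?(?:[eE][+-]?\d+)?|\.\d+)
  | (?P<stray>')
""", re.VERBOSE | re.DOTALL)

def find_constants(sql):
    """Return (kind, text) for every literal found in the statement text."""
    found = []
    for m in TOKEN.finditer(sql):
        # "stray" is an unterminated quote: report it so the check fails closed.
        for kind in ("string", "number", "stray"):
            if m.group(kind) is not None:
                found.append((kind, m.group(kind)))
    return found

def check_query(role, sql):
    """Allow the statement unless a restricted role sent literal constants."""
    constants = find_constants(sql) if role in RESTRICTED_ROLES else []
    return (not constants, constants)

if __name__ == "__main__":
    # Constructed sample statements, not taken from the thread.
    samples = [
        ("webapp", "SELECT * FROM users WHERE name = $1 AND age > $2"),
        ("webapp", "SELECT * FROM users WHERE name = 'x' OR '1'='1'"),
        ("webapp", "SELECT * FROM t LIMIT 10"),
        ("dba", "DELETE FROM t WHERE id = 7"),
    ]
    for role, sql in samples:
        print(role, check_query(role, sql), sql)
```

The `LIMIT 10` sample is rejected as well, which shows how strict the rule is: every value, including ones the application itself chose, has to be sent as a parameter.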