| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Garry Chen <gc92(at)cornell(dot)edu> |
| Cc: | "pgsql-novice(at)lists(dot)postgresql(dot)org" <pgsql-novice(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: how to remove set_config from all user |
| Date: | 2018-01-18 19:36:05 |
| Message-ID: | CAKFQuwZk9tEvuFGPTX9GE3GjqsU+DSEBmaFBh836yUXRvU3=wg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On Thu, Jan 18, 2018 at 12:19 PM, Garry Chen <gc92(at)cornell(dot)edu> wrote:
> In that case what is the best practice for it? Any suggestion.
>
Please don't top-post.
Maybe you should explain why you want to do such a thing first. There
isn't really any practice, let alone a best one, to do exactly what you
say. Most system variables are changeable by users. There are some that
can be changed that could be abused but the general thinking is that while
doing so maliciously is possible there are lots of others ways a user with
access to a database session can cause you grief too and that solutions to
this attack vector are social, not technical, in nature.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Garry Chen | 2018-01-18 19:49:06 | RE: how to remove set_config from all user |
| Previous Message | Garry Chen | 2018-01-18 19:19:17 | RE: how to remove set_config from all user |