From: | Surafel Temesgen <surafel3000(at)gmail(dot)com> |
---|---|
To: | Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Andreas Karlsson <andreas(at)proxel(dot)se>, Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Disallowing multiple queries per PQexec() |
Date: | 2017-03-02 09:01:17 |
Message-ID: | CALAY4q-6E+bhmibTq7b-QLZY04QtVZvbQprq3+2Y0FvV21vhXw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
As far as my understanding the issue at that time was inability to process
creation
of a database and connecting to it with one query string and that can be
solved by
fixing transaction restriction checks for CREATE DATABASE or disallowing
multiple
queries in PQexe.
If the issue solved and allowing multiple queries in PQexec doesn’t result
in SQL injection
attacks that worth backwards-compatibility breakage by itself the item can
be drop or
included to v4 Protocol section if it contains items that break
backwards-compatibility already
regards
surafel
On Thu, Mar 2, 2017 at 1:02 AM, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com> wrote:
> On 2/28/17 2:45 PM, Andres Freund wrote:
>
>> So if you don't want to allow multiple statements, use PQexecParams et
>> al.
>>
>
> That does leave most application authors out in the cold though, since
> they're using a higher level connection manager.
>
> If the maintenance burden isn't terribly high it would be nice to allow
> disabling multiple statements via a GUC.
> --
> Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
> Experts in Analytics, Data Architecture and PostgreSQL
> Data in Trouble? Get it in Treble! http://BlueTreble.com
> 855-TREBLE2 (855-873-2532)
>
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2017-03-02 09:36:52 | Re: Partitioned tables and relfilenode |
Previous Message | Yugo Nagata | 2017-03-02 08:45:38 | Re: [POC] hash partitioning |