| From: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
|---|---|
| To: | Chris Spotts <rfusca(at)gmail(dot)com> |
| Cc: | Gus Gutoski <shared(dot)entanglement(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: help with data recovery from injected UPDATE |
| Date: | 2009-06-11 21:27:56 |
| Message-ID: | dcc563d10906111427t1e78f615ga10d0aa1c5c8f388@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Jun 11, 2009 at 1:32 PM, Chris Spotts<rfusca(at)gmail(dot)com> wrote:
>
>> It's a classic story. I'm volunteering about one day per month for
>> this project, learning SQL as I go. Priority was always given to the
>> "get it working" tasks and never the "make it safe" tasks. I had/have
>> grandiose plans to rewrite the whole system properly after I graduate.
>> Unfortunately, the inevitable corruption didn't wait that long.
> As you're learning, it sounds like parametrized queries might have saved you
> from the sql injection that caused this.
Very true, and always a good idea. However, OPs true failure here is
on the backup front. Without recent, reliable backups, on another
machine / media / datacenter etc. is the only way your data can be
truly safe.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andy Colson | 2009-06-11 21:37:28 | Re: search for partial dates |
| Previous Message | Greg Smith | 2009-06-11 21:27:24 | Re: Postgres auditing features |