Re: help with data recovery from injected UPDATE - Mailing list pgsql-general

From Chris Spotts
Subject Re: help with data recovery from injected UPDATE
Date
Msg-id 000d01c9eb5d$4e193310$ea4b9930$@com
Whole thread Raw
In response to Re: help with data recovery from injected UPDATE  (Scott Marlowe <scott.marlowe@gmail.com>)
List pgsql-general
> >> It's a classic story.  I'm volunteering about one day per month for
> >> this project, learning SQL as I go.  Priority was always given to
> the
> >> "get it working" tasks and never the "make it safe" tasks.  I
> had/have
> >> grandiose plans to rewrite the whole system properly after I
> graduate.
> >>  Unfortunately, the inevitable corruption didn't wait that long.
> > As you're learning, it sounds like parametrized queries might have
> saved you
> > from the sql injection that caused this.
>
> Very true, and always a good idea.  However, OPs true failure here is
> on the backup front.  Without recent, reliable backups, on another
> machine / media / datacenter etc. is the only way your data can be
> truly safe.
[Spotts, Christopher]
Oh absolutely. Regardless of anything you do on the functional aspect, you'd
still need backups.  I was just saying that if you're eventually going to
redesign (like mentioned), a nudge towards parameterized queries doesn't
hurt.


pgsql-general by date:

Previous
From: Yaroslav Tykhiy
Date:
Subject: Re: How to store text files in the postgresql?
Next
From: Jasen Betts
Date:
Subject: Re: Libpq on windows