Home > mailing lists

Re: Disallow SET command in a postgresql server - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Disallow SET command in a postgresql server
Date	April 9, 2013 18:47:16
Msg-id	2243.1365522432@sss.pgh.pa.us Whole thread Raw
In response to	Disallow SET command in a postgresql server (Fabio Rueda Carrascosa <avances123@gmail.com>)
Responses	Re: Disallow SET command in a postgresql server
List	pgsql-general

Tree view

Fabio Rueda Carrascosa <avances123@gmail.com> writes:
> Im planning to publish my postgresql server to a few untrusted clients.
> I dont want them to modify any runtime setting, like work_mem or something
> risky to my server. In general I assume the pg_catalog schema is public but
> I don't want to allow updating pg_settings at all.

If you're allowing untrustworthy users to execute arbitrary SQL,
preventing them from using SET would not make very much difference
in how much trouble they can cause.  You're wasting your time worrying
about this.

            regards, tom lane

pgsql-general by date:

From: Fabio Rueda Carrascosa
Date: 09 April 2013, 18:28:50
Subject: Disallow SET command in a postgresql server

From: Fabio Rueda Carrascosa
Date: 09 April 2013, 18:58:18
Subject: Re: Disallow SET command in a postgresql server

Re: Disallow SET command in a postgresql server - Mailing list pgsql-general

Previous

Next