Home > mailing lists

Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE - Mailing list pgsql-hackers

From	Jim Nasby
Subject	Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE
Date	September 11, 2016 06:09:13
Msg-id	361cb074-285d-c9fe-ef6f-71374e59b3cb@BlueTreble.com Whole thread Raw
In response to	Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE (Bruce Momjian <bruce@momjian.us>)
List	pgsql-hackers

Tree view

On 8/1/16 11:38 AM, Bruce Momjian wrote:
> I am hoping for a "novice" mode that issues warnings about possible
> bugs, e.g. unintentionally-correlated subselect, and this could be part
> of that.

Somewhat related; I've recently been wondering about a mode that 
disallows Const's in queries coming from specific roles. The idea there 
is to make it impossible for an application to pass a constant in, which 
would make it impossible for SQL injection to happen. With how magical 
modern frameworks/languages are, it's often impossible to enforce that 
at the application layer.
-- 
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
855-TREBLE2 (855-873-2532)   mobile: 512-569-9461

pgsql-hackers by date:

From: Jim Nasby
Date: 11 September 2016, 06:06:16
Subject: Re: [PATCH] Alter or rename enum value

From: Jim Nasby
Date: 11 September 2016, 06:10:49
Subject: Re: [PATCH] Generic type subscription

Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE - Mailing list pgsql-hackers

Previous

Next