Home > mailing lists

Re: Revoking usage of pg_catalog - Mailing list pgsql-admin

From	John DeSoi
Subject	Re: Revoking usage of pg_catalog
Date	May 9, 2007 23:48:08
Msg-id	607E7698-2481-4FB0-A790-2230251B7424@pgedit.com Whole thread Raw
In response to	Re: Revoking usage of pg_catalog ("Daniel Cristian Cruz" <danielcristian@gmail.com>)
List	pgsql-admin

Tree view

On May 9, 2007, at 2:09 PM, Daniel Cristian Cruz wrote:

> It's a web application user. I was trying to make some database magic,
> hardening SQL injections... But its wrong, the application must be
> secure. Unfortunelly I can't have a database user for each web user...

I don't see the issue if users don't connect directly to the
database, only through your web application. You then have complete
control over any query executed. You should not have to worry about
SQL injection if you use prepared queries and stored procedures.

John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL

pgsql-admin by date:

From: "Daniel Cristian Cruz"
Date: 09 May 2007, 18:09:48
Subject: Re: Revoking usage of pg_catalog

From: "Carin Westblom"
Date: 10 May 2007, 03:56:26
Subject: finding fragmented tables

Re: Revoking usage of pg_catalog - Mailing list pgsql-admin

Previous

Next