Re: Security Issues: Allowing Clients to Execute SQL in the Backend. - Mailing list pgsql-general

From Albe Laurenz
Subject Re: Security Issues: Allowing Clients to Execute SQL in the Backend.
Msg-id A737B7A37273E048B164557ADEF4A58B17CF50D9@ntex2010i.host.magwien.gv.at
In response to Security Issues: Allowing Clients to Execute SQL in the Backend.  (Hello World <worldanizer@gmail.com>)
Responses Re: Security Issues: Allowing Clients to Execute SQL in the Backend.  (Hello World <worldanizer@gmail.com>)
List pgsql-general
Hello World wrote:
> Given this, are there any other security issues about letting client applications execute arbitrary SQL
> commands on the backend database?

There shouldn't be any security problems, just be careful that you don't give the
user more permissions than you want to.

But a user who can execute arbitrary queries can easily bring the system down:
You can write SQL queries that keep a CPU 100% busy, that exhaust disk space
and possibly memory.

Yours,
Laurenz Albe
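
An added example, not part of the original message: one way to set up a PostgreSQL role for clients that send arbitrary SQL, covering both points in the reply above (permissions, then CPU, disk and memory use). The names `app_client`, `appdb`, `app` and `app.orders` are hypothetical, and the limits are constructed sample values.

```sql
-- Added example; run as a superuser. All object names are hypothetical.

-- 1. Permissions: start from nothing and grant only what the client needs.
CREATE ROLE app_client LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
    CONNECTION LIMIT 5;            -- caps concurrent sessions for this role
-- (authentication method and password are left to pg_hba.conf and site policy)

-- PUBLIC holds CONNECT and TEMPORARY on every database by default.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_client;   -- no TEMPORARY, no CREATE

-- Before PostgreSQL 15, PUBLIC could create objects in schema public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

GRANT USAGE ON SCHEMA app TO app_client;
GRANT SELECT ON app.orders TO app_client;        -- table by table, read-only

-- 2. Resource use: per-role settings applied at session start.
-- temp_file_limit is a superuser-only setting, so the role cannot raise it;
-- it bounds the disk space sorts and hashes may spill to per session.
ALTER ROLE app_client SET temp_file_limit = '1GB';

-- statement_timeout and work_mem are ordinary user settings: a client that
-- can run arbitrary SQL can change them with SET, so treat them as defaults,
-- not as hard limits. Enforce hard limits outside the session as well
-- (connection pooler, OS-level resource controls, monitoring).
ALTER ROLE app_client SET statement_timeout = '5s';
ALTER ROLE app_client SET work_mem = '4MB';

-- 3. Check what the role actually ended up with.
SELECT rolname, rolsuper, rolcreatedb, rolconnlimit, rolconfig
FROM pg_roles
WHERE rolname = 'app_client';

SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN ('app_client', 'PUBLIC')
ORDER BY table_schema, table_name, privilege_type;
```

The second check query includes `PUBLIC` because anything granted to `PUBLIC` is also available to `app_client`.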
