Home > mailing lists

Re: Security Issues: Allowing Clients to Execute SQL in the Backend. - Mailing list pgsql-general

From	Hello World
Subject	Re: Security Issues: Allowing Clients to Execute SQL in the Backend.
Date	April 30, 2014 13:19:42
Msg-id	CAB8jeLncNnnS-ePEkwAL-Z--rk_1x+fXWsRYCzMh1QbjcdqKFw@mail.gmail.com Whole thread Raw
In response to	Re: Security Issues: Allowing Clients to Execute SQL in the Backend. (Albe Laurenz <laurenz.albe@wien.gv.at>)
Responses	Re: Security Issues: Allowing Clients to Execute SQL in the Backend. (Geoff Montee <geoff.montee@gmail.com>)
List	pgsql-general

Tree view

SET statement_timeout=0;
SET work_mem=1024GB;

I just realized about the SET command.

Isn't it weird that any user can set parameters such as this that will apply server wide? to all future sessions?

I noticed that some of the parameters can only be set by superusers, and some require re-start, but still. Anybody can re-configure the server..... ??

pgsql-general by date:

From: Willy-Bas Loos
Date: 30 April 2014, 12:50:16
Subject: Re: importing a messy text file

From: Francisco Olarte
Date: 30 April 2014, 14:03:43
Subject: Re: Vacuuming strategy

Re: Security Issues: Allowing Clients to Execute SQL in the Backend. - Mailing list pgsql-general

Previous

Next