On Thu, Jan 18, 2018 at 12:19 PM, Garry Chen <gc92@cornell.edu> wrote:
In that case what is the best practice for it? Any suggestion.
Please don't top-post.
Maybe you should explain why you want to do such a thing first. There isn't really any practice, let alone a best one, to do exactly what you say. Most system variables are changeable by users. There are some that can be changed that could be abused but the general thinking is that while doing so maliciously is possible there are lots of others ways a user with access to a database session can cause you grief too and that solutions to this attack vector are social, not technical, in nature.