Thread: New macros for sequence node [pgadmin4]
Attachment
On Tue, Feb 9, 2016 at 3:48 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:
Also fixed minor issue in security macro (removed unwanted qtIdent for provider)Hi,PFA of macros (privilege, security) for sequence node.
--
Thanks & Regards,
Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
On Tue, Feb 9, 2016 at 3:48 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:
Also fixed minor issue in security macro (removed unwanted qtIdent for provider)Hi,PFA of macros (privilege, security) for sequence node.This is not allowed.We can't pass on the data coming from the client blindly to the server.It is an area, which can introduce the SQL injection in our code.Hence - I can't allowed that.--
Thanks & Regards,
Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
Attachment
Hi,Here is updated patch for macros. I have added required validation in macros.On Wed, Feb 10, 2016 at 1:06 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:On Tue, Feb 9, 2016 at 3:48 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:
Also fixed minor issue in security macro (removed unwanted qtIdent for provider)Hi,PFA of macros (privilege, security) for sequence node.This is not allowed.We can't pass on the data coming from the client blindly to the server.It is an area, which can introduce the SQL injection in our code.Hence - I can't allowed that.--
Thanks & Regards,
Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
Attachment
Way to use in template:
SECLABLE.SET(conn, object_type, object_name, provider, security_label, object.schema)
SECLABLE.UNSET(conn, object_type, object_name, provider, object.schema)
PRIVILEGE.SET(conn, object_type, grantee, object_name, privileges_without_grant, privileges_with_grant,
object.schema)
PRIVILEGE.UNSETALL(conn, object_type, grantee, object_name, schema)
privileges_without_grant = comma separated string of privileges.
privileges_with_grant = comma separated string of privileges.
Now I have moved macros related to schema and its child object under schemas/templates/macros/schemas folderHi,PFA patch for schema macros for security and privilege.On Wed, Feb 10, 2016 at 5:41 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:Hi,Here is updated patch for macros. I have added required validation in macros.On Wed, Feb 10, 2016 at 1:06 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:On Tue, Feb 9, 2016 at 3:48 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:
Also fixed minor issue in security macro (removed unwanted qtIdent for provider)Hi,PFA of macros (privilege, security) for sequence node.This is not allowed.We can't pass on the data coming from the client blindly to the server.It is an area, which can introduce the SQL injection in our code.Hence - I can't allowed that.--
Thanks & Regards,
Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
+ Usage of macros1] Security labels:
Way to use in template:
SECLABLE.SET(conn, object_type, object_name, provider, security_label, object.schema)
SECLABLE.UNSET(conn, object_type, object_name, provider, object.schema)2] Privileges:
PRIVILEGE.SET(conn, object_type, grantee, object_name, privileges_without_grant, privileges_with_grant,
object.schema)
PRIVILEGE.UNSETALL(conn, object_type, grantee, object_name, schema)
privileges_without_grant = comma separated string of privileges.
privileges_with_grant = comma separated string of privileges.On Wed, Feb 10, 2016 at 6:57 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:Now I have moved macros related to schema and its child object under schemas/templates/macros/schemas folderHi,PFA patch for schema macros for security and privilege.On Wed, Feb 10, 2016 at 5:41 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:Hi,Here is updated patch for macros. I have added required validation in macros.On Wed, Feb 10, 2016 at 1:06 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:On Tue, Feb 9, 2016 at 3:48 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:
Also fixed minor issue in security macro (removed unwanted qtIdent for provider)Hi,PFA of macros (privilege, security) for sequence node.This is not allowed.We can't pass on the data coming from the client blindly to the server.It is an area, which can introduce the SQL injection in our code.Hence - I can't allowed that.--
Thanks & Regards,
Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company