Thread: [HACKERS] user-based query white list

[HACKERS] user-based query white list

From

Tim Burgan

Date:

03 July 2017, 12:11:00

This old thread on "user-based query white list" is now nearly 10 years old!

http://grokbase.com/t/postgresql/pgsql-hackers/08c6zh42fa/user-based-query-white-list

Since then, is it now possible to configure a user to only be able to execute a limited white-listing of queries? Is this something that could now be implemented through extensions?

Re: [HACKERS] user-based query white list

From

Euler Taveira

Date:

03 July 2017, 19:23:27

2017-07-03 3:11 GMT-03:00 Tim Burgan <timburgan@gmail.com>:

Since then, is it now possible to configure a user to only be able to execute a limited white-listing of queries? Is this something that could now be implemented through extensions?

Since pg_stat_statements infrastructure, it is possible to create extensions that prohibit query execution for certain users (see sql_firewall [1] as an example).

[1] https://github.com/uptimejp/sql_firewall

--

Euler Taveira Timbira - http://www.timbira.com.br/
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento