Re: [HACKERS] Disallowing multiple queries per PQexec()

From: Surafel Temesgen
Subject: Re: [HACKERS] Disallowing multiple queries per PQexec()
Msg-id: CALAY4q-6E+bhmibTq7b-QLZY04QtVZvbQprq3+2Y0FvV21vhXw@mail.gmail.com
In response to: Re: [HACKERS] Disallowing multiple queries per PQexec()  (Jim Nasby <Jim.Nasby@BlueTreble.com>)
List: pgsql-hackers

As far as I understand, the issue at that time was the inability to process creation of a database and connecting to it with one query string, and that can be solved by fixing the transaction restriction checks for CREATE DATABASE or disallowing multiple queries in PQexec.


If the issue is solved and allowing multiple queries in PQexec doesn't result in SQL injection attacks that are worth backwards-compatibility breakage by itself, the item can be dropped or included in the v4 Protocol section if it contains items that break backwards-compatibility already.


regards

surafel


On Thu, Mar 2, 2017 at 1:02 AM, Jim Nasby <Jim.Nasby@bluetreble.com> wrote:
> On 2/28/17 2:45 PM, Andres Freund wrote:
>> So if you don't want to allow multiple statements, use PQexecParams et al.
>
> That does leave most application authors out in the cold though, since they're using a higher level connection manager.
>
> If the maintenance burden isn't terribly high it would be nice to allow disabling multiple statements via a GUC.
> --
> Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
> Experts in Analytics, Data Architecture and PostgreSQL
> Data in Trouble? Get it in Treble! http://BlueTreble.com
> 855-TREBLE2 (855-873-2532)
