Re: Feature request: Settings to disable comments and multiple statements in a connection
From | Tom Lane |
---|---|
Subject | Re: Feature request: Settings to disable comments and multiple statements in a connection |
Date | |
Msg-id | 1079732.1749078352@sss.pgh.pa.us |
In reply to | Feature request: Settings to disable comments and multiple statements in a connection (Glen K <glenk1973@hotmail.com>) |
Responses | Re: Feature request: Settings to disable comments and multiple statements in a connection; Re: Feature request: Settings to disable comments and multiple statements in a connection; Re: Feature request: Settings to disable comments and multiple statements in a connection |
List | pgsql-general |
Glen K <glenk1973@hotmail.com> writes:
> My feature requests are thus:

> Provide a client connection option (and/or implement the backend support) to disallow comments in SQL statements

I don't believe that this would move the needle on SQL-injection safety by enough to be worth doing. An injection attack is normally trying to break out of a quoted string, not a comment.

> Provide a client connection option (and/or implement the backend support) to allow only one statement in an execute request

This exists already; you just have to use the extended query protocol.

> Provide an option in the client execute functions (and/or implement
> the backend support) to specify the expected number of statements.

I don't see the need for this given #2.

regards, tom lane
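
Added example, not part of the original message or of PostgreSQL's code: the frontend messages a client sends under the simple and the extended query protocol, built byte for byte so the difference the reply refers to is visible. It goes one step beyond the message by also passing the value as a bound parameter; the table name, query text and hostile input are constructed for illustration.

```python
import struct

# Constructed sample input: an attempt to break out of a quoted string.
HOSTILE = "x'; DROP TABLE users; --"

def _msg(tag: bytes, body: bytes) -> bytes:
    # Frontend framing: type byte, int32 length (counts itself, not the type byte), body.
    return tag + struct.pack("!i", len(body) + 4) + body

def _cstr(s: str) -> bytes:
    return s.encode("utf-8") + b"\x00"

def simple_query(sql: str) -> bytes:
    # Simple protocol: a single 'Q' message. The server runs every
    # semicolon-separated statement it finds in the string.
    return _msg(b"Q", _cstr(sql))

def extended_query(sql: str, params: list) -> list:
    # Extended protocol: Parse, Bind, Execute, Sync on the unnamed statement/portal.
    # The server rejects a Parse whose query string holds more than one statement.
    parse = _msg(b"P", _cstr("") + _cstr(sql) + struct.pack("!h", 0))  # 0 type OIDs: server infers
    body = _cstr("") + _cstr("")            # portal name, statement name
    body += struct.pack("!h", 0)            # 0 parameter format codes: all text
    body += struct.pack("!h", len(params))
    for p in params:
        raw = p.encode("utf-8")
        body += struct.pack("!i", len(raw)) + raw  # length-prefixed value, never parsed as SQL
    body += struct.pack("!h", 0)            # 0 result format codes: all text
    bind = _msg(b"B", body)
    execute = _msg(b"E", _cstr("") + struct.pack("!i", 0))  # max rows 0: no limit
    sync = _msg(b"S", b"")
    return [parse, bind, execute, sync]

def build_demo():
    # Concatenation puts the hostile text into the SQL the server parses.
    q = simple_query("SELECT * FROM users WHERE name = '" + HOSTILE + "'")
    # The parameterised form keeps SQL text and data in separate messages.
    ext = extended_query("SELECT * FROM users WHERE name = $1", [HOSTILE])
    return q, ext

if __name__ == "__main__":
    q, ext = build_demo()
    print("Q      :", q)
    for name, m in zip(("Parse", "Bind", "Execute", "Sync"), ext):
        print(f"{name:7}:", m)
```

In the output the hostile text sits inside the `Q` message's SQL string, while under the extended protocol it appears only in the Bind message as a length-prefixed value and the Parse message carries the single statement unchanged.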