Re: Application name patch - v2
| От | Pavel Stehule |
|---|---|
| Тема | Re: Application name patch - v2 |
| Дата | |
| Msg-id | 162867790910190123x4ffbe69fwe4b9180b85fb7035@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Application name patch - v2 (Dave Page <dpage@pgadmin.org>) |
| Ответы |
Re: Application name patch - v2
Re: Application name patch - v2 |
| Список | pgsql-hackers |
2009/10/19 Dave Page <dpage@pgadmin.org>: > On Mon, Oct 19, 2009 at 8:54 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote: >> I dislike write access to app name guc for user too. It's not safe. >> Maybe only super user can do it? > > That'll render it pretty useless, as most applications wouldn't then > be able to set/reset it when it makes sense to do so. But application can do it simply via connection string, no? Mostly applications has connection string in configuration, so I don't see problem there. And if I would to allow access, then I could to wrap setting to security definer function. I see this as security hole. It allows special SQL injection. Regards Pavel Stehule > > > -- > Dave Page > EnterpriseDB UK: http://www.enterprisedb.com >
В списке pgsql-hackers по дате отправления: