Re: how to preserve \n in select statement
| От | Richard Huxton |
|---|---|
| Тема | Re: how to preserve \n in select statement |
| Дата | |
| Msg-id | 200312221048.20783.dev@archonet.com обсуждение исходный текст |
| Ответ на | Re: how to preserve \n in select statement ("Denis" <sqllist@coralindia.com>) |
| Список | pgsql-sql |
On Monday 22 December 2003 09:37, Denis wrote: > Hi Richard.. > > If your users are required to fire only SELECT and no DML, you can do the > following: > > BEGIN; > execute the statements given by user > ROLLBACK; > > This will not affect your SELECT and also if any malicious user gives > DELETE statement, that will not have any impact too.. An interesting idea, though you'd need to be careful with side-effects (triggers/functions etc). I seem to recall a "read-only" setting being discussed for transactions too (though not as a security measure, I should emphasise). The other thing is to use the database user/group mechanism - something which tends to be neglected with web-based apps (partly because different DBs have different setups here). If only an application super-user can add/delete users make sure the permissions reflect this and connect as a more restricted user for other logins. -- Richard Huxton Archonet Ltd
В списке pgsql-sql по дате отправления: