Re: Is it possible to do some damage to database with SELECT query?

From: Karsten Hilbert
Subject: Re: Is it possible to do some damage to database with SELECT query?
Msg-id: 20080722132840.GB3859@merkur.hilbert.loc
In reply to: Re: Is it possible to do some damage to database with SELECT query?  ("A. Kretschmer" <andreas.kretschmer@schollglas.com>)
List: pgsql-general
On Tue, Jul 22, 2008 at 12:20:46PM +0200, A. Kretschmer wrote:

> > is it possible to make a SELECT query with some nasty follow-up commands,
> > which damages the database?
> >
> > Something like:
> >
> > SELECT *,(DROP DATABASE enterprise) AS roger FROM sales WHERE sales >
> > (UPDATE order SET order=1);
> >
> > I know this won't work, but is there some possibility to modify the database
> > with a SELECT query?
>
> Sure, with SQL injection. There is a lot to read via Google, for
> instance http://en.wikipedia.org/wiki/SQL_injection

That's why on important databases you'd configure them

    "set default_transaction_read_only to on"

and only reverse that connect by connect when a writable
connection is truly needed. That way injectors will not only
have to hijack *any* connection but pick the right one, too.

It also nicely keeps average users from destroying their
data with admin tools like pgadmin etc.

And then there's role-based per-table permissions, of course.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346
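The two safeguards Karsten describes, written out as an added example that is not part of the thread; the database `enterprise`, the application role `app_reader` and the tables `sales` and `orders` are constructed names.

```sql
-- Added example (not from the mailing-list thread). Assumes a database
-- "enterprise", a login role "app_reader" and tables "sales"/"orders".

-- 1. Every new session on the database starts in read-only mode.
ALTER DATABASE enterprise SET default_transaction_read_only = on;

-- The same default can be pinned to the application role instead, so
-- the setting follows the role whichever database it connects to.
ALTER ROLE app_reader SET default_transaction_read_only = on;

-- On such a session a plain UPDATE/DELETE/DROP is rejected by the
-- server as a write inside a read-only transaction, which is what
-- stops an injected statement tacked onto an ordinary SELECT.

-- 2. A connection that truly needs to write opens it explicitly,
--    connection by connection, rather than globally.
BEGIN READ WRITE;
UPDATE orders SET status = 'shipped' WHERE id = 42;
COMMIT;

-- 3. Role-based per-table permissions: the real boundary, since the
--    read-only default is a session setting the role could change back.
REVOKE ALL ON sales, orders FROM app_reader;
GRANT SELECT ON sales, orders TO app_reader;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

`default_transaction_read_only` is a per-session default, not a privilege: any role can issue `SET default_transaction_read_only = off` or `BEGIN READ WRITE`, so it only raises the bar as Karsten says, while the `REVOKE`/`GRANT` pair is what actually denies the write.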
