user-based query white list
| От | Andrew Chernow |
|---|---|
| Тема | user-based query white list |
| Дата | |
| Msg-id | 493AC2C6.3030007@esilo.com обсуждение исходный текст |
| Ответы |
Re: user-based query white list
Re: user-based query white list |
| Список | pgsql-hackers |
Looking for a way to limited a user to a specific set of queries. I don't think this can be done right now ... or can it? Has this feature request surfaced in the past? I currently need this as an extra security measure for a libpq client app (want to block arbitrary queries from malicious attackers). The easiest way I found was to add some query_string checks into backend/tcop/postgres.c for the 'Q' and 'P' commands in PostgresMain(). Seems to work just fine. If it doesn't match, I issue an ereport FATAL since that is seen as a "malicious query execution attempt". I think it is something rather simple to design/implement (probably use a table of user allowed queries, support regex matches, etc.. loaded at session startup and SIGHUP). -- Andrew Chernow eSilo, LLC every bit counts http://www.esilo.com/
В списке pgsql-hackers по дате отправления: