Re: [HACKERS] Disallowing multiple queries per PQexec()

From: Daniel Verite
Subject: Re: [HACKERS] Disallowing multiple queries per PQexec()
Date:
Msg-id: eeb56ded-2d74-4363-84b4-8ed5f2943e85@manitou-mail.org
In reply to: Re: [HACKERS] Disallowing multiple queries per PQexec()  (Tom Lane <tgl@sss.pgh.pa.us>)
List: pgsql-hackers
    Tom Lane wrote:

> Bearing in mind that I'm not really for this at all...

It's a band-aid, but certainly there are cases
where a DBA confronted with a badly written website
would just want to be able to:

    ALTER USER webuser SET allow_multiple_queries TO off;

> But if an attacker is able to inject a SET command,
> he's already found a way around it.  So there's no real
> point in locking down the GUC to prevent that.

I can think of the following case, where given the SQL-injectable

    select id from users where email='$email';

an attacker would submit this string in $email:

    foo' AND set_config('allow_multiple_queries', 'on', false)='on

which opens the rest of the session for a second injection, this
time in the form of several colon-separated commands that
would do the actual damage.


Best regards,
--
Daniel Vérité
PostgreSQL-powered mailer: http://www.manitou-mail.org
Twitter: @DanielVerite
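As an added illustration of the guard under discussion (not code from this thread or from PostgreSQL): a Python model of the one-statement-per-PQexec check, counting top-level statements while skipping quoted strings, quoted identifiers, dollar-quoted strings and comments. Fed the injected query from the message it reports a single statement, which is exactly the point: the first payload passes such a guard and only flips the setting, so the guard holds only if the setting cannot be changed from inside the session. The names count_statements and guard are assumptions for this example.

```python
import re

# Model of the proposed "one statement per PQexec" guard (example code, not
# PostgreSQL's parser).  A ';' separates statements only when it sits outside
# '...' strings, "..." identifiers, $tag$...$tag$ strings and comments.
# Nested block comments are not handled, to keep the example short.

def count_statements(sql: str) -> int:
    """Return the number of non-empty top-level statements in sql."""
    n, i, seen_text = 0, 0, False
    while i < len(sql):
        c = sql[i]
        if c in ("'", '"'):                          # string or identifier
            j = sql.find(c, i + 1)
            while j != -1 and sql[j + 1:j + 2] == c:  # doubled quote escape
                j = sql.find(c, j + 2)
            i = len(sql) if j == -1 else j + 1
            seen_text = True
        elif sql.startswith("--", i):                 # line comment
            j = sql.find("\n", i)
            i = len(sql) if j == -1 else j + 1
        elif sql.startswith("/*", i):                 # block comment
            j = sql.find("*/", i + 2)
            i = len(sql) if j == -1 else j + 2
        elif c == "$":                                # $$...$$ or $tag$...$tag$
            m = re.match(r"\$[A-Za-z_][A-Za-z0-9_]*\$|\$\$", sql[i:])
            if m:
                tag = m.group(0)
                j = sql.find(tag, i + len(tag))
                i = len(sql) if j == -1 else j + len(tag)
            else:                                     # e.g. a $1 placeholder
                i += 1
            seen_text = True
        elif c == ";":                                # top-level separator
            n += seen_text
            seen_text = False
            i += 1
        else:
            seen_text = seen_text or not c.isspace()
            i += 1
    return n + seen_text

def guard(sql: str, allow_multiple: bool) -> bool:
    """Accept sql unless it holds more than one statement while the
    (assumed) allow_multiple_queries setting is off."""
    return allow_multiple or count_statements(sql) <= 1

# Constructed input: the vulnerable query with the message's first payload.
EMAIL = "foo' AND set_config('allow_multiple_queries', 'on', false)='on"
STAGE1 = "select id from users where email='" + EMAIL + "';"
```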
