Discussion: New macros for sequence node [pgadmin4]


New macros for sequence node [pgadmin4]

From
Harshal Dhumal
Date:
Hi,

PFA of macros  (privilege, security) for sequence node.

Also fixed minor issue in security macro (removed unwanted qtIdent for provider)


-- 
Harshal Dhumal
Software Engineer 



Attachments

Re: New macros for sequence node [pgadmin4]

From
Ashesh Vashi
Date:

On Tue, Feb 9, 2016 at 3:48 PM, Harshal Dhumal <harshal.dhumal@enterprisedb.com> wrote:

> Hi,
>
> PFA of macros (privilege, security) for sequence node.
>
> Also fixed minor issue in security macro (removed unwanted qtIdent for provider)

This is not allowed.
We can't pass on the data coming from the client blindly to the server.
It is an area which can introduce SQL injection in our code.

Hence - I can't allow that.

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company





--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers


Re: New macros for sequence node [pgadmin4]

From
Harshal Dhumal
Date:
Hi,

Here is updated patch for macros. I have added required validation in macros.


-- 
Harshal Dhumal
Software Engineer 





Attachments

Re: New macros for sequence node [pgadmin4]

From
Harshal Dhumal
Date:
Hi,

PFA patch for schema macros for security and privilege.

Now I have moved macros related to schema and its child object under schemas/templates/macros/schemas folder


-- 
Harshal Dhumal
Software Engineer 




Attachments

Re: New macros for sequence node [pgadmin4]

From
Harshal Dhumal
Date:
+ Usage of macros


Way to use in template:

1] Security labels:

SECLABLE.SET(conn, object_type, object_name, provider, security_label, object.schema)

SECLABLE.UNSET(conn, object_type, object_name, provider, object.schema)

2] Privileges:

PRIVILEGE.SET(conn, object_type, grantee, object_name, privileges_without_grant, privileges_with_grant,
            object.schema)

PRIVILEGE.UNSETALL(conn, object_type, grantee, object_name, schema)



privileges_without_grant = comma separated string of privileges.
privileges_with_grant = comma separated string of privileges.


-- 
Harshal Dhumal
Software Engineer 
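
The review objection earlier in this thread and the macro arguments listed above, as an added example that is not part of the original thread and not pgAdmin's code: client-supplied names are quoted as identifiers, the label as a literal, and object types and privilege names, which cannot be quoted, are checked against an allowlist. `qt_ident`, `qt_literal`, `keyword`, the allowlists and the sample names are assumptions made for this sketch.

```python
# Added illustration; helper names and allowlists are assumptions, not pgAdmin code.
OBJECT_TYPES = {"SEQUENCE", "TABLE", "SCHEMA"}
SEQUENCE_PRIVS = {"SELECT", "UPDATE", "USAGE"}


def qt_ident(name):
    """Always-quoted identifier: embedded double quotes are doubled."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier")
    return '"' + name.replace('"', '""') + '"'


def qt_literal(value):
    """String literal, assuming standard_conforming_strings = on."""
    if "\x00" in value:
        raise ValueError("invalid literal")
    return "'" + value.replace("'", "''") + "'"


def keyword(value, allowed):
    """Keywords cannot be quoted, so they are matched against an allowlist."""
    word = value.strip().upper()
    if word not in allowed:
        raise ValueError("keyword not allowed: %r" % value)
    return word


def seclabel_set(object_type, schema, name, provider, label, quote_provider=True):
    """quote_provider=False reproduces the unquoted provider objected to above."""
    prov = qt_ident(provider) if quote_provider else provider
    return "SECURITY LABEL FOR %s ON %s %s.%s IS %s;" % (
        prov, keyword(object_type, OBJECT_TYPES),
        qt_ident(schema), qt_ident(name), qt_literal(label))


def privilege_set(object_type, grantee, schema, name, without_grant, with_grant=""):
    """Both privilege arguments are comma-separated strings, as in the usage note."""
    target = "ON %s %s.%s TO %s" % (keyword(object_type, OBJECT_TYPES),
                                    qt_ident(schema), qt_ident(name), qt_ident(grantee))
    stmts = []
    for privs, suffix in ((without_grant, ""), (with_grant, " WITH GRANT OPTION")):
        words = [keyword(p, SEQUENCE_PRIVS) for p in privs.split(",") if p.strip()]
        if words:
            stmts.append("GRANT %s %s%s;" % (", ".join(words), target, suffix))
    return stmts


# Constructed input: a provider value that tries to end the identifier early.
HOSTILE = "selinux ON SEQUENCE public.other_seq IS 'x'; --"
```

With `quote_provider=False` the constructed `HOSTILE` value changes which object the rendered statement targets; with quoting it stays a single provider identifier.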




Re: New macros for sequence node [pgadmin4]

From
Dave Page
Date:
Thanks - patch applied.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company