Обсуждение: [HACKERS] user-based query white list

Поиск
Список
Период
Сортировка

[HACKERS] user-based query white list

От
Tim Burgan
Дата:
This old thread on "user-based query white list" is now nearly 10 years old!

Since then, is it now possible to configure a user to only be able to execute a limited white-listing of queries? Is this something that could now be implemented through extensions?

Re: [HACKERS] user-based query white list

От
Euler Taveira
Дата:
2017-07-03 3:11 GMT-03:00 Tim Burgan <timburgan@gmail.com>:

Since then, is it now possible to configure a user to only be able to execute a limited white-listing of queries? Is this something that could now be implemented through extensions?

Since pg_stat_statements infrastructure, it is possible to create extensions that prohibit query execution for certain users (see sql_firewall [1] as an example).


[1] https://github.com/uptimejp/sql_firewall


--
   Euler Taveira                                   Timbira - http://www.timbira.com.br/
   PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento