On Fri, Apr 11, 2008 at 9:21 PM, Ivan Sergio Borgonovo
<mail@webthatworks.it> wrote:
> Is there a switch (php side or pg side) to avoid things like:
>
> pg_query("select id from table1 where a=$i");
>
> into becoming
>
> pg_query("select id from table1 where a=1 and 1=1; do something
> nasty; -- ");
>
> So that every
> pg_query(...) can contain no more than one statement?

Well, use prepared statements.

Apart from that, make it impossible to "do something nasty". Your
php_db_user should be
allowed as little as possible. Specifically:
* she should not be owner of the tables/other objects -- this way you are safe
from nasty "DROP TABLE"s and the like.
* you should decide where she is allowed to INSERT/UPDATE/DELETE, the latter
two are the most dangerous ones.
* you should make use of referential integrity constraints -- so evil
DELETE or UPDATE
will probably fail on these.
* you should provide PL/pgSQL stored procedures to update your vital
data. So evil
bulk delete/update will be harder to accomplish (if your evildoer can
craft exploit to
do it, he probably already has a lot of access to your system ).

....oh and think about isolating read-only acces (read only user) from
rw-user -- if
that sounds reasonable to do so.

Regards,
Dawid

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general