Old 04-29-2008, 08:32 PM
Thomas Mueller
 
Re: Protection from SQL injection

Hi,

> > The 'ALLOW_LITERALS NONE' mode is enabled by the developer himself, or
> > by an administrator.

> then it solves nothing...
> what if the developer never SET ALLOW_LITERALS NONE


As I have said, the 'ALLOW_LITERALS NONE' mode is enabled by the
developer himself, or by an administrator. The developer may be lazy,
but the administrator can enforce this policy.

> maybe I can inject "select * from tab where intcol = intcol; set
> allow_literals all; add any query you want"


How do you inject this? What would the application look like where
this could be injected?

Regards,
Thomas

--
Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-sql
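The two points argued above (a "no literals in the SQL text" policy forcing the developer onto bound parameters, and the objection that a stacked payload such as "intcol = intcol; set allow_literals all; ..." carries no literal at all) are easier to see on running code. The following is an added example, not code from the thread, from H2 or from PostgreSQL. It uses Python's bundled sqlite3 as a stand-in database, a deliberately simplified regular-expression literal check that is an assumption for illustration and not H2's ALLOW_LITERALS implementation, and constructed sample inputs.

```python
import re
import sqlite3
from typing import Any

# Constructed sample inputs, as a web application might receive them from a request.
INPUT_BENIGN = "42"
INPUT_STACKED = "42; DROP TABLE tab"
# The shape of the payload from the objection in the thread: it contains no literal.
INPUT_NO_LITERAL = "intcol; SET ALLOW_LITERALS ALL; DROP TABLE tab"

# Simplified stand-in for a "no literals in the SQL text" policy (assumption for
# illustration, not H2's implementation): flag single-quoted strings and bare
# numbers that appear anywhere in the statement text.
LITERAL_RE = re.compile(r"'(?:[^']|'')*'|(?<![\w.])\d+(?:\.\d+)?(?![\w.])")


def contains_literal(sql: str) -> bool:
    return LITERAL_RE.search(sql) is not None


def setup_db() -> sqlite3.Connection:
    # In-memory table with constructed rows.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tab (intcol INTEGER, name TEXT)")
    conn.executemany("INSERT INTO tab VALUES (?, ?)", [(42, "alice"), (7, "bob")])
    conn.commit()
    return conn


def build_query_unsafe(user_input: str) -> str:
    """Vulnerable pattern: the input is concatenated into the SQL text."""
    return "SELECT intcol, name FROM tab WHERE intcol = " + user_input


def run_unsafe(conn: sqlite3.Connection, user_input: str) -> tuple[str, Any]:
    """Concatenated query, gated only by the literal policy."""
    sql = build_query_unsafe(user_input)
    if contains_literal(sql):
        # Even the benign value "42" is a literal, so the policy rejects it:
        # the developer is forced to use a bound parameter instead.
        return ("rejected by literal policy", sql)
    try:
        return ("executed", conn.execute(sql).fetchall())
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # The literal-free stacked payload passes the policy. It is stopped
        # here only because sqlite3's execute() runs exactly one statement and
        # refuses a string containing several; that is a separate defence.
        return ("refused by driver", str(exc))


def run_safe(conn: sqlite3.Connection, user_input: str) -> list:
    """Parameterised query: the SQL text is a constant with no literal, and the
    input is a bound value that can never change the statement's structure."""
    sql = "SELECT intcol, name FROM tab WHERE intcol = ?"
    assert not contains_literal(sql)
    return conn.execute(sql, (user_input,)).fetchall()


def demo() -> dict:
    conn = setup_db()
    return {
        "unsafe_benign": run_unsafe(conn, INPUT_BENIGN),
        "unsafe_stacked": run_unsafe(conn, INPUT_STACKED),
        "unsafe_no_literal": run_unsafe(conn, INPUT_NO_LITERAL),
        "safe_benign": run_safe(conn, INPUT_BENIGN),
        "safe_no_literal": run_safe(conn, INPUT_NO_LITERAL),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The literal policy alone does what the thread says it does: it makes the concatenated query fail even for honest input, which pushes the developer onto `?` parameters, and once the query is parameterised the hostile value is compared as data and simply matches nothing. It also shows the gap the objection points at: a payload built only from identifiers and keywords is not a literal, so whether it gets anywhere depends on the other controls in the stack (here, the driver's one-statement-per-call rule; in a real deployment, also which privileges the connection has). In real code the bound value would additionally be validated, for example converted with `int()` before binding, rather than passed through as a string.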
