Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE
Jim Nasby <jim.nasby@bluetreble.com>
From: Jim Nasby <Jim.Nasby@BlueTreble.com>
To: Bruce Momjian <bruce@momjian.us>, Tom Lane <tgl@sss.pgh.pa.us>
Cc: David Fetter <david@fetter.org>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2016-09-11T03:08:58Z
Lists: pgsql-hackers
On 8/1/16 11:38 AM, Bruce Momjian wrote: > I am hoping for a "novice" mode that issues warnings about possible > bugs, e.g. unintentionally-correlated subselect, and this could be part > of that. Somewhat related; I've recently been wondering about a mode that disallows Const's in queries coming from specific roles. The idea there is to make it impossible for an application to pass a constant in, which would make it impossible for SQL injection to happen. With how magical modern frameworks/languages are, it's often impossible to enforce that at the application layer. -- Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX Experts in Analytics, Data Architecture and PostgreSQL Data in Trouble? Get it in Treble! http://BlueTreble.com 855-TREBLE2 (855-873-2532) mobile: 512-569-9461