On Tue, 2022-11-08 at 04:14 +0000, Jan Bilek wrote: > I know it is not exactly what you suggested (and agreeing a lot with our > app user shouldn't be running as superuser), but as all other inputs > from our application come sanitized through bind and this is the only > way where user can send an explicit command in there - I think it should do! > > Please let me know if you approve. I strongly disapprove, and any security audit you pass with such a setup is worthless. I repeat: the application does not need to connect with a superuser. I don't understand what you want to demonstrate with the code samples, or what you mean when you say that "the user can send an explicit command". Yours, Laurenz Albe
