Re: SQL injection, php and queueing multiple statement

On Fri, Apr 11, 2008 at 9:21 PM, Ivan Sergio Borgonovo
<mail@xxxxxxxxxxxxxxx> wrote:
> Is there a switch (php side or pg side) to avoid things like:
>
>  pg_query("select id from table1 where a=$i");
>
>  into becoming
>
>  pg_query("select id from table1 where a=1 and 1=1; do something
>  nasty; -- ");
>
>  So that every
>  pg_query(...) can contain no more than one statement?

Well, use prepared statements.

Apart from that, make it impossible to "do something nasty".  Your
php_db_user should be allowed as little as possible.  Specifically:
 * she should not be owner of the tables/other objects -- this way you are safe
   from nasty "DROP TABLE"s and the like.
 * you should decide where she is allowed to INSERT/UPDATE/DELETE, the latter
   two are the most dangerous ones.
 * you should make use of referential integrity constraints -- so evil
   DELETE or UPDATE will probably fail on these. ;)
 * you should provide PL/pgSQL stored procedures to update your vital
   data.  So evil bulk delete/update will be harder to accomplish (if your
   evildoer can craft an exploit to do it, he probably already has a lot of
   access to your system ;)).

...oh and think about isolating read-only access (read only user) from
rw-user -- if that sounds reasonable to do so.

   Regards,
      Dawid
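Dawid's first suggestion, prepared statements, written out for PHP's pgsql extension as an added example; it is not code from the thread. The connection string, the table `table1` with an integer column `a`, and the hostile input are assumptions. The point relevant to the original question: `pg_query_params` and `pg_prepare`/`pg_execute` go through libpq's extended query protocol, which accepts at most one command per call, so the `"...; do something nasty; --"` suffix from the question cannot become a second statement, and a value bound to an integer column is rejected by the server with an invalid-input error rather than executed.

```php
<?php
// Added example, not from the original thread.  Assumes a local database
// "app", a login role php_db_user, and a table table1(id integer, a integer);
// the password and the hostile input below are constructed placeholders.

function connect()
{
    $conn = pg_connect("host=localhost dbname=app user=php_db_user password=PLACEHOLDER");
    if ($conn === false) {
        throw new RuntimeException("connection failed");
    }
    return $conn;
}

// The pattern from the question: $i is pasted into the SQL text, so whoever
// controls $i controls the statement (and pg_query happily runs several
// statements separated by ';').
function find_ids_unsafe($conn, $i)
{
    $res = pg_query($conn, "select id from table1 where a=$i");
    return $res === false ? [] : pg_fetch_all_columns($res, 0);
}

// Hardened form: the SQL text is constant and $i travels as a bound
// parameter.  pg_query_params uses the extended query protocol, which takes
// at most one command per call, so "1; do something nasty; --" can never
// become a second statement.
function find_ids($conn, $i)
{
    $res = pg_query_params($conn, 'select id from table1 where a = $1', [$i]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    return pg_fetch_all_columns($res, 0);
}

// Same protection with a named prepared statement, parsed once and executed
// many times with different parameters.
function find_ids_prepared($conn, $i)
{
    static $prepared = false;
    if (!$prepared) {
        if (pg_prepare($conn, 'find_by_a', 'select id from table1 where a = $1') === false) {
            throw new RuntimeException(pg_last_error($conn));
        }
        $prepared = true;
    }
    $res = pg_execute($conn, 'find_by_a', [$i]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    return pg_fetch_all_columns($res, 0);
}

$conn = connect();
$hostile = "1; drop table table1; --";   // constructed hostile input
try {
    print_r(find_ids($conn, $hostile));
} catch (RuntimeException $e) {
    // Bound to an integer column, the string is rejected with an
    // "invalid input syntax" error instead of being executed.
    echo "rejected: ", $e->getMessage(), "\n";
}
print_r(find_ids_prepared($conn, "1"));
```

Note that the parameterised SQL text uses single-quoted PHP strings so that `$1` reaches PostgreSQL literally; in a double-quoted string PHP would try to interpolate it. `find_ids_unsafe` is kept only to show the shape of the original call next to its replacement; nothing in the script invokes it.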

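The rest of the reply (a web user that owns nothing, narrow INSERT/UPDATE/DELETE grants, foreign keys, a PL/pgSQL routine for vital updates, and a separate read-only login) as a one-off provisioning script, also an added example and not code from the thread. It is run once over an administrator connection, never by the web application; the roles `app_owner` and `php_db_reader`, the two tables and all password placeholders are assumptions, while `php_db_user` is the name used in the reply.

```php
<?php
// Added example, not from the original thread.  One-off provisioning script
// run by an administrator connection, never by the web application.  The
// roles app_owner and php_db_reader, both tables and the password
// placeholders are assumptions; php_db_user is the name used in the reply.

function provision($adminDsn)
{
    $conn = pg_connect($adminDsn);
    if ($conn === false) {
        throw new RuntimeException("connection failed");
    }

    // Vital updates go through a function that runs with the owner's rights
    // (SECURITY DEFINER) and validates its arguments, so the web user never
    // needs UPDATE on the table itself.  search_path is pinned so the
    // function cannot be redirected to look-alike objects.
    $updateFn = <<<'SQL'
CREATE FUNCTION set_order_amount(p_order integer, p_amount numeric)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, public AS $$
BEGIN
    IF p_amount < 0 THEN
        RAISE EXCEPTION 'negative amount %', p_amount;
    END IF;
    UPDATE orders SET amount = p_amount WHERE id = p_order;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'no such order %', p_order;
    END IF;
END
$$
SQL;

    $ddl = [
        // Roles: the schema belongs to app_owner, which cannot even log in.
        "CREATE ROLE app_owner NOLOGIN",
        "CREATE ROLE php_db_user LOGIN PASSWORD 'PLACEHOLDER_RW'",
        "CREATE ROLE php_db_reader LOGIN PASSWORD 'PLACEHOLDER_RO'",
        // Tables, with a foreign key so a stray DELETE on customers fails
        // while orders still reference them.
        "CREATE TABLE customers (id serial PRIMARY KEY, name text NOT NULL)",
        "CREATE TABLE orders (id serial PRIMARY KEY,
            customer_id integer NOT NULL REFERENCES customers(id),
            amount numeric NOT NULL)",
        // Ownership moves to app_owner (owned sequences follow the table),
        // so DROP/ALTER from the web user is refused.
        "ALTER TABLE customers OWNER TO app_owner",
        "ALTER TABLE orders OWNER TO app_owner",
        // Nobody gets anything by default; then grant only what each role needs.
        "REVOKE ALL ON TABLE customers, orders FROM PUBLIC",
        "GRANT SELECT ON TABLE customers, orders TO php_db_reader",
        "GRANT SELECT ON TABLE customers TO php_db_user",
        "GRANT SELECT, INSERT ON TABLE orders TO php_db_user",
        "GRANT USAGE ON SEQUENCE orders_id_seq TO php_db_user",
        // The update routine: owned by app_owner, executable by php_db_user only
        // (functions are executable by PUBLIC by default, hence the REVOKE).
        $updateFn,
        "ALTER FUNCTION set_order_amount(integer, numeric) OWNER TO app_owner",
        "REVOKE ALL ON FUNCTION set_order_amount(integer, numeric) FROM PUBLIC",
        "GRANT EXECUTE ON FUNCTION set_order_amount(integer, numeric) TO php_db_user",
    ];

    // All or nothing: a half-applied privilege setup is worse than none.
    pg_query($conn, "BEGIN");
    foreach ($ddl as $stmt) {
        if (pg_query($conn, $stmt) === false) {
            $err = pg_last_error($conn);
            pg_query($conn, "ROLLBACK");
            throw new RuntimeException("$err\n  in: $stmt");
        }
    }
    pg_query($conn, "COMMIT");
}

provision("host=localhost dbname=app user=postgres password=PLACEHOLDER_ADMIN");
```

With this in place an injected `DROP TABLE` or bulk `UPDATE orders` issued as `php_db_user` fails on privileges, a `DELETE FROM customers` fails on the foreign key wherever orders exist, and amount changes are only possible one validated row at a time through `set_order_amount`. Reports and other read-only code should connect as `php_db_reader`, matching the last paragraph of the reply.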