Re: Running untrusted sql safely?

[John R Pierce <pierce@xxxxxxxxxxxx>]

Stuart McGraw wrote:
> What is the best way to run an arbitrary 
> query received from an untrusted source, 
> safely?  
>
> (I want a web page form with a textbox that
> a user can enter an arbitrary sql statement,
> then run it .....
>   


just keep http://xkcd.com/327/ in mind.



--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general