John R Pierce wrote:
Stuart McGraw wrote:What is the best way to run an arbitrary query received from an untrusted source, safely?(I want a web page form with a textbox that a user can enter an arbitrary sql statement, then run it .....just keep http://xkcd.com/327/ in mind.
Yes, exactly what I would like some advice on avoiding! :-)
-- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
