Re: Feature request: Settings to disable comments and multiple statements in a connection - Mailing list pgsql-general

From Tom Lane
Subject Re: Feature request: Settings to disable comments and multiple statements in a connection
Msg-id 1079732.1749078352@sss.pgh.pa.us
In response to Feature request: Settings to disable comments and multiple statements in a connection  (Glen K <glenk1973@hotmail.com>)
Responses Re: Feature request: Settings to disable comments and multiple statements in a connection
List pgsql-general
Glen K <glenk1973@hotmail.com> writes:
> My feature requests are thus:

> Provide a client connection option (and/or implement the backend support) to disallow comments in SQL statements

I don't believe that this would move the needle on SQL-injection
safety by enough to be worth doing.  An injection attack is normally
trying to break out of a quoted string, not a comment.

> Provide a client connection option (and/or implement the backend support) to allow only one statement in an execute request

This exists already; you just have to use the extended query protocol.

> Provide an option in the client execute functions (and/or implement
> the backend support) to specify the expected number of statements.

I don't see the need for this given #2.

            regards, tom lane
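
Added example, not part of the message above or of PostgreSQL's own code: a sketch of the frontend wire messages for the simple query protocol and the extended query protocol, showing where a client-supplied value travels in each. The table name, query text and sample value are constructed, and no server is contacted, so the server-side rejection of a multi-statement Parse is only noted in a comment.

```python
import struct

def _msg(tag, body):
    # Frontend message framing: 1-byte type, Int32 length (counts itself), body.
    return tag + struct.pack("!i", len(body) + 4) + body

def _cstr(s):
    return s.encode("utf-8") + b"\x00"

def simple_query(sql):
    # Query ('Q'): one string; the server accepts several ;-separated statements.
    return _msg(b"Q", _cstr(sql))

def extended_query(sql, params):
    # Parse/Bind/Execute/Sync using the unnamed statement and unnamed portal.
    # The server reports an error if the Parse string holds more than one statement.
    parse = _msg(b"P", _cstr("") + _cstr(sql) + struct.pack("!h", 0))
    # Bind: portal name, statement name, 0 format codes (all parameters are text).
    bind_body = _cstr("") + _cstr("") + struct.pack("!h", 0)
    bind_body += struct.pack("!h", len(params))
    for p in params:
        raw = p.encode("utf-8")
        bind_body += struct.pack("!i", len(raw)) + raw  # length-prefixed, never parsed as SQL
    bind_body += struct.pack("!h", 0)  # result columns: default text format
    execute = _msg(b"E", _cstr("") + struct.pack("!i", 0))  # 0 = no row limit
    return [parse, _msg(b"B", bind_body), execute, _msg(b"S", b"")]

# Constructed sample value that tries to close a quoted string.
VALUE = "x'; SELECT 2; --"

def demo():
    # Weak pattern: the value is concatenated into the SQL text sent in Query.
    concatenated = simple_query("SELECT * FROM t WHERE name = '" + VALUE + "'")
    # Extended protocol: SQL text carries only the $1 placeholder; the value is in Bind.
    parse, bind, _, _ = extended_query("SELECT * FROM t WHERE name = $1", [VALUE])
    return concatenated, parse, bind

if __name__ == "__main__":
    q, parse, bind = demo()
    needle = VALUE.encode("utf-8")
    print("value inside Query SQL text:", needle in q)
    print("value inside Parse SQL text:", needle in parse)
    print("value inside Bind parameter:", needle in bind)
```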


