All Questions
4 questions
3 votes
1 answer
706 views
Does "row-level security" actually serve a security purpose?
Row-level security is often an industry requirement in secure environments, such as those dealing with payment cards. It's supported by most major relational databases, including PostgreSQL, Microsoft ...
2 votes
0 answers
146 views
When using parameterized SQL queries, is there still any *security* issue with simply blindly accepting user input variables?
Suppose I have this: parameterized_database_call('SELECT * FROM widgets WHERE id = $1', $_GET['widget_id']); The SQL query is parameterized, as I've done for many years now. (I'm trying to repress ...
1 vote
1 answer
251 views
What kinds of attacks are possible with credentials to a read-only Postgres user?
Assuming I implement the literal SQL-injection on an HTTP endpoint with a read-only user that limits execution time to e.g. some amount of seconds. What's the worst that could happen? I know simple ...
21 votes
4 answers
6k views
Do stored procedures prevent SQL Injection in PostgreSQL?
Is it true that stored procedures will prevent databases from being injected? I did a little research and I found out that SQL-Server, Oracle and MySQL are not safe against SQL injections if we only ...