On Mon, Oct 19, 2009 at 12:57 PM, Pavel Stehule <pavel.steh...@gmail.com> wrote: > It is not practical. I'll log errors. Usually SQL injection generates > lot of errors. Loging all statements has not sense. What is difference > bad and good SQL statement.? Maybe multistatements are good candidates > for log as possible attackers statements. On highly load databases > loging all statements significantly increase load :(
Ahh, I see. >> My point is, that the query to change the app name is logged using the >> *original* app name, thus it will not be discarded by the log analysis >> tools in your scenario. >> > > I thing, so change of original name should generate warning. Well, if other people think that's necessary, it's certainly possible. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
