Hi,

> > The 'ALLOW_LITERALS NONE' mode is enabled by the developer itself, or
> > by an administrator.
> then it solves nothing...
> what if the developer never SET ALLOW_LITERALS NONE

As I have said, the 'ALLOW_LITERALS NONE' mode is enabled by the developer itself, or by an administrator. The developer may be lazy, but the administrator can enforce this policy.

> maybe i can inject "select * from tab where intcol = intcol; set
> allow_literals all; add any query you want"

How do you inject this? What would the application look like where this can be injected?

Regards,
Thomas