c# - Npgsql run query as readonly -

- January 15, 2011

given user in connection string has write/alter/etc. permissions, there reliable way prevent data modification running user provided query?

using (npgsqltransaction transaction = conn.begintransaction()) {     using (npgsqlcommand setreadonlycommand = new npgsqlcommand("set transaction read only;", conn, transaction))     {         setreadonlycommand.executenonquery();     }      using (npgsqlcommand command = new npgsqlcommand(query, conn, transaction))     {         using (var reader = command.executereader())         {             //... read query results         }     }      transaction.rollback(); }

the snippet above has 2 safety nets - running in readonly transaction, , rolling transaction @ end.

but both of these can overridden user adding statements "set transaction read write;" , "commit;"

is there more sophisticated way of making sure ad-hoc query won't make changes db?

please note not have access db itself, cannot create sps, roles, etc. solve issue. have in case user specified connection string , user query.

Search This Blog

Swift

c# - Npgsql run query as readonly -

Comments

Post a Comment

Popular posts from this blog

asp.net - How to correctly use QUERY_STRING in ISAPI rewrite? -

jsf - "PropertyNotWritableException: Illegal Syntax for Set Operation" error when setting value in bean -

laravel - Undefined property: Illuminate\Pagination\LengthAwarePaginator::$id (View: F:\project\resources\views\admin\carousels\index.blade.php) -