uptimejp / sql_firewall
SQL Firewall Extension for PostgreSQL
Home Page: http://pgsnaga.blogspot.jp/2015/08/postgresql-sql-firewall.html
License: Other
Hi,
When I compiled this module on MacOS, I got the following compiler warning.
sql_firewall.c:232:39: warning: unused variable 'track_options' [-Wunused-const-variable]
static const struct config_enum_entry track_options[] =
^
1 warning generated.
Regards,
Remove unused code and clean up to improve maintainability.
Hi,
When I ran the following steps, I got unexpected warning messages.
Is this a bug? Or am I missing something?
The last call of pgbench -i caused the following warning messages.
WARNING: Prohibited SQL statement
BTW, I performed the above steps by executing the following shell script.
bin/pg_ctl -D data stop -m f
rm -rf data
bin/initdb -D data --no-locale --encoding=UTF8
echo "shared_preload_libraries = 'sql_firewall'" >> data/postgresql.conf
echo "sql_firewall.firewall = 'disabled'" >> data/postgresql.conf
bin/pg_ctl -D data start -w
bin/psql <<EOF
CREATE EXTENSION sql_firewall;
ALTER SYSTEM SET sql_firewall.firewall = 'learning';
EOF
bin/pg_ctl -D data restart -w
bin/pgbench -i
bin/psql <<EOF
SELECT * FROM sql_firewall.sql_firewall_statements;
ALTER SYSTEM SET sql_firewall.firewall = 'permissive';
EOF
bin/pg_ctl -D data restart -w
bin/pgbench -i
Regards,
QueryId would be different between different PostgreSQL major versions, so the rule file produced by sql_firewall_export_rule() is not compatible between different PostgreSQL versions.
Hi!
Is there any plan for adding support for the newer releases of PostgreSQL database?
Best regards,
Jakub
Hello :)
Here is an ebuild for Gentoo-based systems: uu/ubuilds@c94a485
But I'm not sure about the license you use.
Thanks!
QueryId depends on the relation oid instead of the relation name, because query jumbling uses the relation oid.
https://github.com/uptimejp/sql_firewall/blob/develop/sql_firewall.c#L2784
So, queryid would be different in different locations or at different times (cf. after dump & restore)
even if the table name and query are exactly the same.
Needs to be fixed to improve portability of the rule file.
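The portability problem raised in this issue, and in the earlier note about sql_firewall_export_rule(), as an added example that is not sql_firewall's code: a simplified Python model (not PostgreSQL's jumbling algorithm) of a whitelist keyed by a fingerprint that mixes in relation OIDs. The catalogs, OIDs, statements, function names and the name-keyed variant are constructed assumptions.

```python
import hashlib

# Constructed catalogs: same table names, different OIDs, as after dump & restore.
STAGING = {"accounts": 16384, "branches": 16390}
PRODUCTION = {"accounts": 24576, "branches": 24581}

# Constructed normalized statements: (shape with constants removed, relations used).
LEARNED = [
    ("SELECT abalance FROM $rel WHERE aid = ?", ("accounts",)),
    ("UPDATE $rel SET bbalance = bbalance + ? WHERE bid = ?", ("branches",)),
]


def fingerprint(shape, relations, catalog, key="oid"):
    """Hash the statement shape plus one identifier per referenced relation.

    key="oid" models the behaviour the issue describes (the relation OID is
    part of the id); key="name" is a hypothetical portable alternative.
    """
    h = hashlib.sha256(shape.encode())
    for rel in relations:
        ident = str(catalog[rel]) if key == "oid" else rel
        h.update(b"\x00" + ident.encode())
    return h.hexdigest()[:16]


def export_rules(statements, catalog, key):
    """Model of a rule file: the set of fingerprints seen in learning mode."""
    return {fingerprint(s, r, catalog, key) for s, r in statements}


def blocked(statements, rules, catalog, key):
    """Statements an enforcing firewall would reject on the given cluster."""
    return [s for s, r in statements if fingerprint(s, r, catalog, key) not in rules]


def portability_report(key):
    """Learn on staging, then count rejected legitimate statements per cluster."""
    rules = export_rules(LEARNED, STAGING, key)
    return {
        "staging": len(blocked(LEARNED, rules, STAGING, key)),
        "production": len(blocked(LEARNED, rules, PRODUCTION, key)),
    }


if __name__ == "__main__":
    for key in ("oid", "name"):
        print(key, portability_report(key))
```

In this model a name-keyed fingerprint would need the schema-qualified name, otherwise same-named tables in different schemas share one rule.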
It seems like having per-user permissions would be needed to make this usable in production.
How (can) does one add rules to a system without putting it into learning mode and thus exposing the database during changes?
A use case seems to be training during testing/staging and then moving that training data to the production system. Is this possible?
Add feature for ALTER ROLE ... SET ... to enable/disable the firewall feature for each PostgreSQL user/role.
sql_firewall_import_rule() does not report any error when a directory is passed.
Reported by Noriyoshi Shinoda
First, I want to thank you for this amazing tool!
This is a feature request: to protect our PostgreSQL clusters against bad queries (like sorting billions of tuples when only some parts are needed), do you have plans to add a blacklist feature?