Rails, Postgres, environment variables, Ubuntu, no PL/R

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Rails, Postgres, environment variables, Ubuntu, no PL/R

Ralph Shnelvar
This may be more of a Postgres question than a Rails or Ruby question but ... since I want to do this in a Rails environment ...

I store my Postgres password in an environment variable whose name is a long randomly generated string in the appropriate format for an Ubuntu environment variable name..

Is it possible to get a list of environment variables from a (SELECT?) statement when executing an arbitrary SQL statement such as the two immediately below.
# Get a connection to a user's database.
# Once my question is answered, I'll want to ask questions about how the statmeent immediately below interacts with Rails'
#   connection pool.
= PGconn.connect("localhost", 5432,"","","my_database_development","MyUserName","MyObviousPassword")

  client_ip inet,
  username text,
  ts timestamp,
  request text,
  status smallint,
  bytes int

# Is there some way to break my security model?
# Note, I'm picking up the text of exec_sql_stmt_BAD_BAD_BAD from a form.  Hence the use of single quotes to prevent interpolation.
Some statement that will break my security model by giving a list of environment variables;

# This will execute just fine
= conn.exec( exec_sql_OK )

# I hope there is no SQL statement that will fetch a list of environment variables if PL/R is not installed.
= conn.exec( exec_sql_stmt_ BAD_BAD_BAD )

It is important to note that I have NOT installed R or PL/R.

Note: If PL/R is installed one can use the plr_environ() function to get a list of environment variables

Does anyone know a good (best?) forum to ask questions?  I see Reddit link but if you know of a better place, I'm all ears.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/2b0c7c93-cc9f-4601-aca2-cabd03b51318%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.