Rails, Postgres, environment variables, Ubuntu, no PL/R
This may be more of a Postgres question than a Rails or Ruby question but ... since I want to do this in a Rails environment ...
I store my Postgres password in an environment variable whose name is a long randomly generated string in the appropriate format for an Ubuntu environment variable name..
Is it possible to get a list of environment variables from a (SELECT?) statement when executing an arbitrary SQL statement such as the two immediately below.
# Get a connection to a user's database. # Once my question is answered, I'll want to ask questions about how the statmeent immediately below interacts with Rails' # connection pool. conn =PGconn.connect("localhost",5432,"","","my_database_development","MyUserName","MyObviousPassword")
exec_sql_stmt_OK = "DROP TABLE IF EXISTS logs; CREATE TABLE logs ( client_ip inet, username text, ts timestamp, request text, status smallint, bytes int );"
# Is there some way to break my security model? # Note, I'm picking up the text of exec_sql_stmt_BAD_BAD_BAD from a form. Hence the use of single quotes to prevent interpolation. exec_sql_stmt_BAD_BAD_BAD = ' Some statement that will break my security model by giving a list of environment variables; ;'
# This will execute just fine ret_exec_sql = conn.exec( exec_sql_OK )
# I hope there is no SQL statement that will fetch a list of environment variables if PL/R is not installed. ret_exec_sql = conn.exec( exec_sql_stmt_ BAD_BAD_BAD )
It is important to note that I have NOT installed R or PL/R.
Note: If PL/R is installed one can use the plr_environ() function to get a list of environment variables
Does anyone know a good (best?) forum to ask questions? I see Reddit link but if you know of a better place, I'm all ears.