Skip to content
This loadable module will test tuples emitted from a SELECT statement against the occurrence of a configured sentinel value during execution, raising a terminal error if one is seen. This allows to add another layer of defence against unsolicited access, e.g. by SQL injection.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Makefile
README.md
pg_sentinel.c

README.md

Sentinel Value Module for PostgreSQL

This loadable module will test tuples emitted from a SELECT statement against the occurrence of a configured sentinel value during execution, raising a terminal error if one is seen. This allows to add another layer of defence against unsolicited access, e.g. by SQL injection.

The module is loaded via the shared_preload_libraries setting in the postgresql.conf file.

Also, a few custom variables must be specified.

So, typical settings in the postgresql.conf file might be:

shared_preload_libraries = 'pg_sentinel'
pg_sentinel.relation_oid = 16389
pg_sentinel.column_no = 2
pg_sentinel.sentinel_value = 'SENTINEL'
pg_sentinel.sentinel_message = 'Hello Kitty!'
pg_sentinel.abort_statement_only = false

relation_oid is the Oid of the table containing the sentinel values.

The Oid can be obtained as follows:

SELECT '<schema>.<tablename>'::regclass::oid;

column_no is the ordinal position of the column containing the sentinel values.

The ordinal position of a column can be obtained as follows:

SELECT ordinal_position FROM information_schema.columns WHERE
table_name='<table_name>' AND column_name = '<column_name>';

sentinel_value is the sentinel value to react to. The default is 'SENTINEL'.

If abort_statement_only is true, pg_sentinel will raise an ERROR, aborting the current query. By default it is false, terminating the current connection with FATAL.

sentinel_message sets the message that is reported with the error thrown. You may set it to something expressionless yet unique that can easily be detected in the logs. By default, it says "Severe internal error detected!".

If you're using this with a version of PostgreSQL prior to 9.2, you will need also to have a line like this before the above lines:

custom_variable_classes = 'pg_sentinel'

All settings can only be set in postgresql.conf and only at startup. They must not and can not be changed a posteriori by SET or SIGHUP to avoid tampering.

Important

The module does not protect against COPY <tablename> TO, however it works when COPY is used with a query, like COPY (SELECT * FROM <tablename>) TO.

Building and Installing

No configuration is required. Building and installing can be achieved like this:

export PATH=/path/to/pgconfig/directory:$PATH
make && make install

As pg_sentinel is a loadable module rather than an Extension, it cannot be installed using PGXN or other extension-management tools.

This module has been tested on PostgreSQL 9.6. Since it implements it's own ExecutePlan() function, it might work on other versions - or not.

Credits

This module is the work of Ernst-Georg Schmid.

You can’t perform that action at this time.