Sentinel Value Module for PostgreSQL
This loadable module will test tuples emitted from a SELECT statement against the occurrence of a configured sentinel value during execution, raising a terminal error if one is seen. This allows to add another layer of defence against unsolicited access, e.g. by SQL injection.
The module is loaded via the
shared_preload_libraries setting in the
Also, a few custom variables must be specified.
So, typical settings in the
postgresql.conf file might be:
shared_preload_libraries = 'pg_sentinel' pg_sentinel.relation_oid = 16389 pg_sentinel.column_no = 2 pg_sentinel.sentinel_value = 'SENTINEL' pg_sentinel.sentinel_message = 'Hello Kitty!' pg_sentinel.abort_statement_only = false
relation_oid is the Oid of the table containing the sentinel values.
The Oid can be obtained as follows:
column_no is the ordinal position of the column containing the sentinel values.
The ordinal position of a column can be obtained as follows:
SELECT ordinal_position FROM information_schema.columns WHERE table_name='<table_name>' AND column_name = '<column_name>';
sentinel_value is the sentinel value to react to. The default is 'SENTINEL'.
true, pg_sentinel will raise an
the current query. By default it is
false, terminating the current connection
sentinel_message sets the message that is reported with the error thrown. You may
set it to something expressionless yet unique that can easily be detected in the logs.
By default, it says "Severe internal error detected!".
If you're using this with a version of PostgreSQL prior to 9.2, you will need also to have a line like this before the above lines:
custom_variable_classes = 'pg_sentinel'
All settings can only be set in postgresql.conf and only at startup. They must not and can not be changed a posteriori by SET or SIGHUP to avoid tampering.
The module does not protect against
COPY <tablename> TO, however it works
COPY is used with a query, like
COPY (SELECT * FROM <tablename>) TO.
Building and Installing
No configuration is required. Building and installing can be achieved like this:
export PATH=/path/to/pgconfig/directory:$PATH make && make install
pg_sentinel is a loadable module rather than an Extension, it cannot be
installed using PGXN or other extension-management tools.
This module has been tested on PostgreSQL 9.6. Since it implements it's own
ExecutePlan() function, it might work on other versions - or not.
This module is the work of Ernst-Georg Schmid.