Skip to content

DEV Community

Postgres Security Protocol Series' Articles

Back to Ofri Peretz's Series

Cover image for Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.

Dec 31 '25

Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.

#eslint #postgres #node #security

4 min read

Cover image for pg Lets You Concatenate SQL, Hijack search_path, and Leak Every Connection. 13 ESLint Rules Say No.

Dec 31 '25

pg Lets You Concatenate SQL, Hijack search_path, and Leak Every Connection. 13 ESLint Rules Say No.

#eslint #postgres #node #database

6 min read

Cover image for A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.

Dec 31 '25

A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.

#eslint #postgres #node #database

4 min read

Cover image for BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.

Dec 31 '25

BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.

#eslint #postgres #node #database

4 min read

Cover image for search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table

Jan 2

search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table

#eslint #postgres #security #node

4 min read

Cover image for One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.

Jan 2

One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.

#eslint #postgres #performance #node

4 min read

Cover image for PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database. One ESLint Rule Blocks It.

Jan 2

PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database. One ESLint Rule Blocks It.

#eslint #postgres #security #node

5 min read