DEV Community

Postgres Security Protocol Series' Articles

Back to Ofri Peretz's Series
Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.
Cover image for Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.

Your node-postgres Data Layer Fails 4 Ways in Production. SQL Injection Is Only the First.

Comments
12 min read
PostgreSQL Injection in Node.js: 4 Patterns That Pass Code Review (and the Rules That Don't Let Them)
Cover image for PostgreSQL Injection in Node.js: 4 Patterns That Pass Code Review (and the Rules That Don't Let Them)

PostgreSQL Injection in Node.js: 4 Patterns That Pass Code Review (and the Rules That Don't Let Them)

Comments
8 min read
A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.
Cover image for A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.

A Missing client.release() Exhausted Our Postgres Pool at 3 AM. The ESLint Rule That Catches It.

Comments
12 min read
BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.
Cover image for BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.

BEGIN on a Postgres Pool Scatters Your Transaction Across Connections. One ESLint Rule Stops It.

Comments
9 min read
search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table
Cover image for search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table

search_path Hijacking: the PostgreSQL Attack That Turns SELECT * FROM users Into the Attacker's Table

Comments
15 min read
One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.
Cover image for One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.

One INSERT Loop Made Our CSV Import 500x Slower. One ESLint Rule Catches It Before It Ships.

1
Comments 3
7 min read
PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database — One ESLint Rule Blocks It.
Cover image for PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database — One ESLint Rule Blocks It.

PostgreSQL's COPY FROM Can Read /etc/passwd Into Your Database — One ESLint Rule Blocks It.

Comments
14 min read