DB Relay - NGiNX based open source project
mike503 at gmail.com
Fri Jul 23 02:21:06 MSD 2010
On Thu, Jul 22, 2010 at 3:09 PM, Brian Bruns <brian at bruns.com> wrote:
> Hi Michael,
> We're still here at OSCON if you want to stop by.
> It's intended for use in applications, so it's really no different
> than using the native database APIs vis-a-vis security, all the same
> concerns apply. We just make it easier to get to the database.
Applications mask the queries though.
/sql?sql=SELECT something FROM table WHERE file_id=somevariable
(of course URL encoded, blahblah)
Seems to me the model shouldn't be used for anything that would be an
information disclosure to anything sensitive. For instance, perhaps
you want a user's email address. Well, depending on how it's done, you
could SHOW COLUMNS FROM user; or SELECT * FROM user; instead of SELECT
email FROM user ... right?
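
Added example, not part of the original email and not DB Relay code: it contrasts the client-chosen-SQL model discussed above with a server-side allow-list of named queries, and shows a database-side column restriction for the case where raw SQL must be accepted. Python's sqlite3 stands in for the real database; `NAMED_QUERIES`, `named_query`, `deny_column`, the `password_hash` column and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table/column names follow the email's example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?, ?)",
                   [(1, "alice@example.com", "hash-a"), (2, "bob@example.com", "hash-b")])
    return db

def run(db, sql, params=()):
    cur = db.execute(sql, params)
    return [col[0] for col in cur.description], cur.fetchall()

def passthrough(db, sql):
    # The /sql?sql=... model: the caller chooses the entire statement.
    return run(db, sql)

# Hypothetical allow-list: the caller sends a query name plus values, never SQL.
NAMED_QUERIES = {"user_email": ("SELECT email FROM user WHERE id = ?", 1)}

def named_query(db, name, params):
    if name not in NAMED_QUERIES:
        raise PermissionError(f"query {name!r} is not allow-listed")
    sql, arity = NAMED_QUERIES[name]
    if len(params) != arity:
        raise ValueError(f"{name} takes {arity} parameter(s)")
    return run(db, sql, tuple(params))

def deny_column(db, table, column):
    # Database-side control for the passthrough case: refuse any statement
    # that reads the given column, whatever SQL the caller sends.
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_READ and (arg1, arg2) == (table, column):
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)

if __name__ == "__main__":
    db = make_db()
    print(passthrough(db, "SELECT * FROM user"))   # every column of every row
    print(named_query(db, "user_email", [1]))      # only the email for id 1
    locked = make_db()
    deny_column(locked, "user", "password_hash")
    try:
        passthrough(locked, "SELECT * FROM user")
    except sqlite3.Error as exc:
        print("denied:", exc)
```

On a production database server the equivalent of `deny_column` is a dedicated low-privilege account with column- or view-level grants for whatever the relay connects as.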