| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Andre Felipe Machado <andremachado(at)techforce(dot)com(dot)br>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: postgresql-contrib risks? |
| Date: | 2005-01-06 22:27:42 |
| Message-ID: | 20050106222742.GB22846@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Jan 06, 2005 at 15:09:54 +0100,
Martijn van Oosterhout <kleptog(at)svana(dot)org> wrote:
>
> One question though, if you are granted filesystem access to the
> server, there's no reason why you couldn't just get the pgcrypto module
> in your home directory and load it into the server yourself. I think
> all you need is superuser access to your database to loaded untrusted
> modules...
Hopefully his provider doesn't let people install functions written in
untrusted languages. pgcrypto uses C functions and he will probably need
his provider to load it for him.
If there is some trusted language installed that he has access to, he may
be able to create a function in that language that does what he wants.
He doesn't need file system access to do that.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Wolff III | 2005-01-06 23:08:34 | Re: warning: pg_query(): Query failed |
| Previous Message | Bruno Wolff III | 2005-01-06 22:09:18 | Re: warning: pg_query(): Query failed |