Re: Disable access shell command in psql

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Thiago Maluf" <malufrj(at)gmail(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Disable access shell command in psql
Date: 2007-07-23 14:26:25
Message-ID: 24056.1185200785@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

"Thiago Maluf" <malufrj(at)gmail(dot)com> writes:
> I have one database server with postgresql 8.1 and I discovered yesterday
> one security problem.
> When I access my server with thought psql I have the possibility execute
> command in my server using "\!" or write one file using "\e".

These are done on the client side, not the server side. There is no
security issue here, because psql's user could equally well do the
same things without using psql.

regards, tom lane

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Thiago Maluf 2007-07-23 14:31:09 Re: Disable access shell command in psql
Previous Message Michael Fuhr 2007-07-23 14:16:35 Re: Disable access shell command in psql