| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | hackers(at)postgreSQL(dot)org |
| Subject: | Re: [HACKERS] createdb with alternate location |
| Date: | 1999-12-12 06:13:31 |
| Message-ID: | 25599.944979211@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> [ CREATE DATABASE WITH LOCATION shouldn't depend on environment vars ]
I agree, this oughta be flushed. Is the expansion routine used in any
other contexts where depending on an environment var *would* make sense?
> What really gets me, though, is how this sort of scheme is supposed to
> create security in the first place.
I doubt security was foremost in the mind of whoever did that. Still,
the environment vars in question are those created by the dbadmin before
starting the postmaster; it's not like unprivileged users can affect
them. So I'd say it's just a chance to shoot yourself in the foot,
not a question of exposing yourself to enemy fire...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 1999-12-12 06:52:41 | Re: [HACKERS] Re: [PATCHES] pg_dump primary keys |
| Previous Message | Tom Lane | 1999-12-12 06:03:12 | Re: [HACKERS] Re: Mirroring a DB |