| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_execute_from_file, patch v10 |
| Date: | 2010-12-14 03:47:45 |
| Message-ID: | 27600.1292298465@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com> writes:
> On Tue, Dec 14, 2010 at 12:02, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> As Tom says, this is clearly not going to fly on security grounds.
> If it's a security hole, lo_import() should be also a hole
> because we can use lo_import() and SELECT * FROM pg_largeobject
> for the same purpose...
lo_import is superuser-only. If we design this feature so that it will
forever have to be superuser-only, to get a behavior that I think we
don't even *want*, I believe we're making a serious error.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2010-12-14 03:48:54 | Re: Tab completion for view triggers in psql |
| Previous Message | KaiGai Kohei | 2010-12-14 03:28:18 | Re: rest of works for security providers in v9.1 |