| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Scott Holmes <sholmes(at)pacificnet(dot)net> |
| Cc: | PG-General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Re: lo wrappers - still working on it |
| Date: | 2001-07-04 16:06:00 |
| Message-ID: | 27780.994262760@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Scott Holmes <sholmes(at)pacificnet(dot)net> writes:
> I tried this initially, it results in an error and the following warning:
> You must have Postgres superuser privilege to use server-side lo_export().
> Anyone can use the client-side lo_export provided by libpq.
There's a very good reason for that restriction: lo_export/lo_import
allow a client to command reading and writing of any file that the
server can access, with the server's permissions. Your proposed
functions appear to be the same thing without any security check.
If you are intent on installing such a security hole into your
system, you can define ALLOW_DANGEROUS_LO_FUNCTIONS in config.h
when you build the server. But God help you if any unfriendlies
get access to your database.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Philip Molter | 2001-07-04 16:17:55 | Re: Determining scan types |
| Previous Message | Trewern, Ben | 2001-07-04 15:56:55 | RE: FOREIGN KEY |