From: | Foolish Ewe <foolishewe(at)hotmail(dot)com> |
---|---|
To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Want to disable fully qualified table names on pg_dump in pg_dump (PostgreSQL) 9.6.8 |
Date: | 2018-03-16 20:55:59 |
Message-ID: | MWHPR14MB160008DF2A6F2C250DEE3885C0D70@MWHPR14MB1600.namprd14.prod.outlook.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Thank you Adrian, this is informative.
With best regards:
Bill
________________________________________
From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
Sent: Thursday, March 15, 2018 11:09 PM
To: Foolish Ewe; pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Want to disable fully qualified table names on pg_dump in pg_dump (PostgreSQL) 9.6.8
On 03/15/2018 04:00 PM, Foolish Ewe wrote:
> Hello All:
>
> A number of our team members and I use pg_dump to export schema in an
> Ubuntu 16.04 environment, I happen to have a postgress 9.6.4 server
> that runs in a docker container, and in some cases I see the following
> select statement and fully qualified table names in the
> CREATE TABLE and ALTER TABLE statements:
>
> SELECT pg_catalog.set_config('search_path', '', false);
>
> CREATE TABLE database_name.table_name
I am pretty sure you are actually seeing:
CREATE TABLE schema_name.table_name
>
> and likewise for ALTER TABLE.
>
> But other users (who haven't updated their systems recently) do not see
> the SELECT statement and we see unqualified table names, e.g.:
>
>
> CREATE TABLE table_name
>
>
> These changes in format impact our workflows, we would prefer to have
> unqualified table names.
>
>
> Does anyone have an idea of what might cause this? Is there something
> we can do on the client side to avoid getting qualified table names?
The reason:
https://www.postgresql.org/about/news/1834/
"The purpose of this release is to address CVE-2018-1058, which
describes how a user can create like-named objects in different schemas
that can change the behavior of other users' queries and cause
unexpected or malicious behavior, also known as a "trojan-horse" attack. "
More information
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
There is no flag to unset this.
>
> With best regards:
>
> Bill
>
>
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Victoria Stuart (VictoriasJourney.com) | 2018-03-16 21:17:07 | Re: Nvim as external editor in psql as Postgres root user - .vimrc (environment?) issue |
Previous Message | Adrian Klaver | 2018-03-16 20:33:17 | Re: Nvim as external editor in psql as Postgres root user - .vimrc (environment?) issue |