i'm making a photo album app with php4 and pgsql. i came across something
i think could be a security risk.
i have a web page with a form for user to upload their image, then using
INSERT and lo_import() i get the file to the right location. the problem
is this, with one postmaster running as uid pgsql, that would allow any
other developer to view my data just by guessing the path to my images
cause they all get read by user pgsql.
how do i circumvent this?