Home > mailing lists

Re: pg_largeobject is a security hole - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: pg_largeobject is a security hole
Date	June 27, 2001 22:50:19
Msg-id	22691.993685766@sss.pgh.pa.us Whole thread Raw
In response to	Re: pg_largeobject is a security hole (Philip Warner <pjw@rhyme.com.au>)
Responses	Re: pg_largeobject is a security hole (Philip Warner <pjw@rhyme.com.au>)
List	pgsql-hackers

Tree view

Philip Warner <pjw@rhyme.com.au> writes:
> At 12:27 27/06/01 -0400, Tom Lane wrote:
>> I propose that initdb should do
>> REVOKE ALL on pg_largeobject FROM public

> May have an issue with PG_DUMP, which does a 'select oid from
> pg_largeobject', I think.

Hmm.  [sound of grepping]  So does psql's \lo_list command.  That's
annoying ... the list of large object OIDs is *exactly* what you'd want
to hide from the unwashed masses.  Oh well, I'll leave bad enough alone
for now.
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 27 June 2001, 22:49:52
Subject: Re: functions returning records

From: "Dmitry G. Mastrukov"
Date: 27 June 2001, 23:06:14
Subject: Re: New data type: uniqueidentifier

Re: pg_largeobject is a security hole - Mailing list pgsql-hackers

Previous

Next