Home > mailing lists

Re: Disable access shell command in psql - Mailing list pgsql-admin

From	Tom Lane
Subject	Re: Disable access shell command in psql
Date	July 23, 2007 14:26:31
Msg-id	24056.1185200785@sss.pgh.pa.us Whole thread Raw
In response to	Disable access shell command in psql ("Thiago Maluf" <malufrj@gmail.com>)
Responses	Re: Disable access shell command in psql
List	pgsql-admin

Tree view

"Thiago Maluf" <malufrj@gmail.com> writes:
> I have one database server with postgresql 8.1 and I discovered  yesterday
> one  security problem.
> When  I access my server with  thought psql I have the possibility execute
> command in my server using "\!" or write one file using "\e".

These are done on the client side, not the server side.  There is no
security issue here, because psql's user could equally well do the
same things without using psql.

            regards, tom lane

pgsql-admin by date:

From: Michael Fuhr
Date: 23 July 2007, 14:16:49
Subject: Re: Disable access shell command in psql

From: "Thiago Maluf"
Date: 23 July 2007, 14:31:15
Subject: Re: Disable access shell command in psql

Re: Disable access shell command in psql - Mailing list pgsql-admin

Previous

Next