Home > mailing lists

Re: pg_execute_from_file, patch v10 - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: pg_execute_from_file, patch v10
Date	December 14, 2010 02:47:55
Msg-id	27600.1292298465@sss.pgh.pa.us Whole thread Raw
In response to	Re: pg_execute_from_file, patch v10 (Itagaki Takahiro <itagaki.takahiro@gmail.com>)
Responses	Re: pg_execute_from_file, patch v10 (Itagaki Takahiro <itagaki.takahiro@gmail.com>)
List	pgsql-hackers

Tree view

Itagaki Takahiro <itagaki.takahiro@gmail.com> writes:
> On Tue, Dec 14, 2010 at 12:02, Robert Haas <robertmhaas@gmail.com> wrote:
>> As Tom says, this is clearly not going to fly on security grounds.

> If it's a security hole, lo_import() should be also a hole
> because we can use lo_import() and SELECT * FROM pg_largeobject
> for the same purpose...

lo_import is superuser-only.  If we design this feature so that it will
forever have to be superuser-only, to get a behavior that I think we
don't even *want*, I believe we're making a serious error.
        regards, tom lane

pgsql-hackers by date:

From: KaiGai Kohei
Date: 14 December 2010, 02:28:41
Subject: Re: rest of works for security providers in v9.1

From: Robert Haas
Date: 14 December 2010, 02:49:02
Subject: Re: Tab completion for view triggers in psql

Re: pg_execute_from_file, patch v10 - Mailing list pgsql-hackers

Previous

Next