Re: W3C Specs: Web SQL - Mailing list pgsql-hackers

From Kevin Grittner
Subject Re: W3C Specs: Web SQL
Date
Msg-id 4CD8EE310200002500037425@gw.wicourts.gov
In response to W3C Specs: Web SQL  (Charles Pritchard <chuck@jumis.com>)
List pgsql-hackers

Alvaro Herrera wrote:
> Excerpts from Charles Pritchard's message:
>> I don't believe the webmaster is granted free rein:
>> Disk quotas are enforced, data is separated per origin,
>> hanging processes are up to the implementer, and postgres has
>> plenty of settings for that.
>
> The day a privilege escalation is found and some webserver runs
> "pg_read_file()" on your browser, will be a sad one indeed.

Personally, I feel somewhat more safe about trusting PostgreSQL on
this than JavaScript, Java applets, a Flash plug-in, and cookies --
all of which are enabled in my browser.  Sure, I occasionally hit an
ill-behaved page and need to xkill my browser.  I don't visit that
site again.  And it really doesn't happen to me very often.

Can you make a case that this proposal is more dangerous than
having all the above enabled?

-Kevin

