Re: Feature request: include script file into function body - Mailing list pgsql-bugs

From Kevin Grittner
Subject Re: Feature request: include script file into function body
Date
Msg-id 4D48023F020000250003A104@gw.wicourts.gov
In response to Re: Feature request: include script file into function body  (Steve White <swhite@aip.de>)
Responses Re: Feature request: include script file into function body  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
Steve White <swhite@aip.de> wrote:
> On  1.02.11, Kevin Grittner wrote:
>> Steve White <swhite@aip.de> wrote:

>>> Isn't the \i command a similar security hole?
>>
>> That is run by a client program on a client machine.
>
> Sorry I don't understand this remark.

The CREATE FUNCTION statement is parsed and executed on the
*server*, so implementing the feature as you describe it would
involve reading files on the database server machine, with the
security of the OS user which owns the database's data directory.
Outside of development, the client is generally (in my experience,
anyway) on another machine, or at least not running under the user
ID with rights to the PostgreSQL data directory.

It seems to me that something which lets you pull the body of a
script file into the statement on the *client* side of the
connection, before sending the CREATE FUNCTION statement to the
server, would not only be a lot more secure (you could only read
files that the OS would let your login read anyway), but would be
more *useful*.

> Are you saying that \i is disabled to user postgres?

I'm saying it runs on the client side of the connection to the
database, running with the rights of whatever user executed psql.

> If I understand what you're proposing: write a PostgreSQL function
> with LANGUAGE PLPYTHONU, and inside the function body load the
> file with \i.  Is that it?

Well, \i inside the string literal obviously won't work.  I'm saying
some logical equivalent with new syntax.  Something which pulls the
file into the client software.  I don't have any particularly clever
suggestions to offer for syntax.

-Kevin
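The client-side alternative Kevin describes can be done today without any new server syntax. The script below is an added example, not code from this thread or from PostgreSQL: it reads the script file on the client, as the OS user running the script, and wraps it in a CREATE FUNCTION statement that can be piped to psql. The function name, language and file path are hypothetical inputs; the one real security detail it shows is that the file body must be dollar-quoted with a tag that does not occur in the body, otherwise a body containing the tag would end the literal early and the rest would be executed as SQL.

```shell
#!/bin/sh
# Added example (not from the thread or from PostgreSQL).
# Builds a CREATE FUNCTION statement on the CLIENT side: the file is read
# with the privileges of whoever runs this script, never by the server.
# Function name, language and file are assumed inputs for illustration.

# Choose a dollar-quote tag that does not appear in the body, so the body
# cannot close the literal early and inject SQL after it.
pick_tag() {
    body="$1"
    tag="body"
    n=0
    while printf '%s' "$body" | grep -q -F "\$$tag\$"; do
        n=$((n + 1))
        tag="body$n"
    done
    printf '%s' "$tag"
}

# build_create_function NAME LANGUAGE FILE
# Prints the statement on stdout; returns 1 if the file cannot be read.
build_create_function() {
    name="$1"; lang="$2"; file="$3"
    # The read happens here, on the client, under this user's OS rights.
    body=$(cat < "$file") || return 1
    tag=$(pick_tag "$body")
    printf 'CREATE OR REPLACE FUNCTION %s() RETURNS text AS $%s$\n%s\n$%s$ LANGUAGE %s;\n' \
        "$name" "$tag" "$body" "$tag" "$lang"
}

# Demonstration with a constructed sample file (not a real script):
# the body deliberately contains "$body$" so the default tag is unusable.
sample=$(mktemp)
printf 'return "hello $body$ world"\n' > "$sample"
build_create_function demo plpythonu "$sample"
rm -f "$sample"
```

Piping the output into psql sends the statement over the connection like any other; the server only ever sees a string literal. psql 9.0 and later can do the same inside the client session, assuming the shell is available there, with `\set body `cat file.py`` followed by `... AS :'body' LANGUAGE plpythonu;`, where `:'body'` interpolates the variable as a properly quoted literal.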
