On 05/19/2011 10:10 AM, Craig de Stigter wrote:
> 1. I'm assuming that the dump format can contain arbitrary sql commands,
> so a pg_restore of this nature should be run under an untrusted account
> in its own restricted schema. Can someone confirm that this is the case?
Correct. You very definitely want to run the restore under a
limited-privs account.
> 2. The dump is presumed to contain exactly one table, which I want to
> load into my restricted schema. But it seems pg_restore has no option to
> set the schema during restoration. It always loads into the original
> schema as stored in the dump. How can I get around this?
If you're using a table structure you defined rather than a user-defined
one you can use COPY rather than pg_restore. That way you're guaranteed
to have data and only data. They'd need to dump their table with a COPY
command, but that's pretty trivial.
--
Craig Ringer