Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Agreed it should be relative to the log directory, which may or may not be
> under PGDATA, and don't let them go up above it. Is there any downside
> to allowing absolute reads as well because COPY can already read
> absolute files?

Perhaps not from a security point of view, but I think it would be
rather bizarre for a general-purpose pg_read_file() function to default
to reading from the log directory. From the point of view of having
a consistent API, it'd be better to call the functions something like
pg_read_logdirectory() and pg_read_logfile() and restrict them to the
log directory. If we later decide we want to add a general
pg_read_file() operation, we won't have to contort its operation to
preserve compatibility with the log-fetching case.

regards, tom lane
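
The restriction discussed in this message (names relative to the log directory, with no way to go above it) can be sketched as follows. This is an added example, not part of the original message and not PostgreSQL source code; `logfile_name_is_safe` and `build_logfile_path` are hypothetical names, and POSIX path separators are assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: may this caller-supplied name be opened relative
 * to the log directory? Rejects empty names, absolute paths and any ".."
 * component, so the path cannot leave the directory lexically.
 * Symlinks inside the log directory are not covered by this check.
 */
bool logfile_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '/')                 /* absolute path */
        return false;

    const char *p = name;
    while (*p != '\0')
    {
        size_t len = strcspn(p, "/");   /* length of current component */

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;               /* parent-directory reference */
        p += len;
        if (*p == '/')
            p++;                        /* skip the separator */
    }
    return true;
}

/* Join logdir and name into out; returns 0 on success, -1 on refusal. */
int build_logfile_path(const char *logdir, const char *name,
                       char *out, size_t outlen)
{
    if (!logfile_name_is_safe(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", logdir, name);
    if (n < 0 || (size_t) n >= outlen)
        return -1;                      /* truncated: refuse, do not open */
    return 0;
}

int main(void)
{
    char path[256];                     /* constructed sample inputs below */
    printf("%d\n", build_logfile_path("/var/log/pg", "server.log", path, sizeof path));
    printf("%d\n", build_logfile_path("/var/log/pg", "../pg_hba.conf", path, sizeof path));
    return 0;
}
```

A name such as `a..b.log` is accepted because only a whole `..` component is treated as a parent reference.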