Re: import/export of large objects on server-side - Mailing list pgsql-hackers

From Klaus Reger
Subject Re: import/export of large objects on server-side
Date
Msg-id 62812.193.158.34.193.1005914031.squirrel@emailbox24.de
In response to import/export of large objects on server-side  (Klaus Reger <K.Reger@twc.de>)
List pgsql-hackers
-------- Original Message --------
Subject: Re: [HACKERS] import/export of large objects on server-side
From: "Klaus Reger" <K.Reger@twc.de>
To: <tgl@sss.pgh.pa.us>

> Use the client-side LO import/export functions, instead.
>
> OK, I've read the config.h and the sources. I agree that this can be a
> security hole. But for our application we need lo-access from
> PL/PGSQL-Procedures (explicitly on the server). We have to check out
> documents, work with them and then check the next version in.
>
> What about a configuration-file entry, in the matter
> LO_DIR=/directory or none (which is the default).
> For our product we want to be compatible with the original sources of Pg,
> avoiding own patches in every new version.

Hi,

I've made a patch that introduces an entry in the PostgreSQL config file.
You can set a directory where all imports/exports can happen. If nothing
is set (the default), no imports/exports on the server side are allowed.

To enhance the security, no reading/writing is allowed from/to non-regular
files (block-devs, symlinks, etc.)

I hope that this patch is secure enough and will be integrated.

Regards, Klaus
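
The checks described in the message above (a configured directory, nothing allowed when it is unset, regular files only), sketched for the read/import side as an added example; this is not the attached patch and not PostgreSQL code. The names `lo_open_checked` and `lo_demo`, the rule that only bare file names are accepted, and the temporary directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `name` for reading only if it is a regular file
 * directly inside lo_dir. Returns a descriptor, or -1 if refused. */
int lo_open_checked(const char *lo_dir, const char *name)
{
    struct stat st;
    int dirfd, fd;
    if (lo_dir == NULL || lo_dir[0] == '\0') return -1;  /* unset: disabled */
    if (name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;                 /* assumption: bare file names only */
    if ((dirfd = open(lo_dir, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    /* O_NOFOLLOW rejects a symlink; O_NONBLOCK keeps a FIFO from blocking. */
    fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    close(dirfd);
    if (fd < 0) return -1;
    /* Check the opened descriptor, not the path, so the file cannot be
     * swapped between the check and the open. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: a temp directory holding a regular file, a symlink to
 * it and a FIFO. Returns a bitmask of the requests that were accepted. */
int lo_demo(void)
{
    char dir[] = "/tmp/lo_dir_XXXXXX", p[3][64];
    const char *names[] = { "doc.txt", "link", "fifo", "../doc.txt" };
    int mask = 0, i, fd;
    if (mkdtemp(dir) == NULL) return -1;
    for (i = 0; i < 3; i++)
        snprintf(p[i], sizeof p[i], "%s/%s", dir, names[i]);
    if ((fd = open(p[0], O_CREAT | O_WRONLY, 0600)) >= 0) close(fd);
    if (symlink("doc.txt", p[1]) != 0 || mkfifo(p[2], 0600) != 0) mask = -1;
    for (i = 0; mask >= 0 && i < 4; i++)
        if ((fd = lo_open_checked(dir, names[i])) >= 0) { mask |= 1 << i; close(fd); }
    for (i = 0; i < 3; i++) unlink(p[i]);
    rmdir(dir);
    return mask;
}
```

Only the regular file is accepted; the symlink is refused even though it points at that same file inside the directory.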


