Re: import/export of large objects on server-side - Mailing list pgsql-hackers

From Klaus Reger
Subject Re: import/export of large objects on server-side
Date
Msg-id 64124.193.158.34.193.1004694011.squirrel@emailbox24.de
In response to Re: import/export of large objects on server-side  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
> Klaus Reger <K.Reger@twc.de> writes:
>> at the moment import/export of large objects on server-side only can
>> be activated for all users by editing config.h due to security
>> reasons. My idea is to enable it for everyone when using a special
>> directory (e.g. /tmp). What do you think about this?
>
> It'd still be a security hole, and not significantly smaller (consider
> symlinks).
>
> Use the client-side LO import/export functions, instead.

OK, I've read the config.h and the sources. I agree that this can be a
security hole. But for our application we need lo-access from
PL/PGSQL-Procedures (explicitly on the server). We have to check out
documents, work with them and then check the next version in.

What about a configuration-file entry, in the manner of
LO_DIR=/directory or none (which is the default).
For our product we want to be compatible with the original sources of Pg,
avoiding own patches in every new version.

What do you think about this idea? Do you have any other suggestions for
serverside lo-ing, without granting every user superuser-privileges?

Regards, Klaus
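
Added example, not part of this message and not PostgreSQL code: a sketch of what a directory-restricted server-side import would have to check for the symlink objection quoted above to stop applying. The helper name `open_in_lo_dir`, the self-test and all file names are hypothetical; Linux `openat`/`O_NOFOLLOW` semantics are assumed, and the directory fd is assumed to be opened once from a trusted path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `name` for import strictly inside dirfd. */
int open_in_lo_dir(int dirfd, const char *name, int flags)
{
    struct stat st;
    int fd;
    /* Accept a bare file name only: no separators, no "." or "..". */
    if (name[0] == '\0' || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..")) {
        errno = EINVAL;
        return -1;
    }
    /* O_NOFOLLOW makes open fail (ELOOP on Linux) if the name is a symlink. */
    fd = openat(dirfd, name, flags | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Refuse FIFOs, devices, directories, and files hard-linked from elsewhere. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario; returns 0 when every check behaves as expected. */
int lo_dir_selftest(void)
{
    char dir[] = "/tmp/lo_dir_XXXXXX";
    int dirfd, fd, bad = 0;
    if (!mkdtemp(dir) || (dirfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    close(openat(dirfd, "doc.bin", O_WRONLY | O_CREAT | O_EXCL, 0600));
    if (symlinkat("/etc/hostname", dirfd, "link.bin") != 0) bad |= 8;
    /* A regular file opens; a symlink and a traversal name are refused. */
    if ((fd = open_in_lo_dir(dirfd, "doc.bin", O_RDONLY)) < 0) bad |= 1; else close(fd);
    if (open_in_lo_dir(dirfd, "link.bin", O_RDONLY) >= 0 || errno != ELOOP) bad |= 2;
    if (open_in_lo_dir(dirfd, "../x.bin", O_RDONLY) >= 0 || errno != EINVAL) bad |= 4;
    unlinkat(dirfd, "doc.bin", 0); unlinkat(dirfd, "link.bin", 0);
    close(dirfd); rmdir(dir);
    return bad;
}

int main(void) { printf("selftest=%d\n", lo_dir_selftest()); return 0; }
```

A plain prefix check on the path string would pass `link.bin`, which is why the check has to happen at open time on the file descriptor rather than on the name.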






