Re: BLOBs - Mailing list pgsql-sql

From Eugene Yin
Subject Re: BLOBs
Date
Msg-id 825207667.6348678.1453058794606.JavaMail.yahoo@mail.yahoo.com
Whole thread Raw
In response to Re: BLOBs  (Andreas Joseph Krogh <andreas@visena.com>)
Responses Re: BLOBs
List pgsql-sql

BLOB binary large object see Large Object Support


  •  Minuses
    • must use different interface from what is normally used to access BLOBs.
    • Need to track OID. Normally a separate table with additional meta data is used to describe what each OID is.
    • (8.4 and <8.4) No access controls in database.
    • Sometimes advised against (basically you only need them if your entry is so large you need/want to seek and read bits and pieces of it at a time). 


    Do one really: 
    • Need to track OID. Normally a separate table with additional meta data is used to describe what each OID is.



    Thanks

    Eugene



    On Monday, January 11, 2016 11:10 PM, Andreas Joseph Krogh <andreas@visena.com> wrote:


    På tirsdag 12. januar 2016 kl. 02:32:46, skrev Eugene Yin <eugeneymail@ymail.com>:
    I did some search on the OID data type.  Here is something I found regarding to the deletion of the OID data.
     
    QUOTE:
     
    "The Large Object method for storing binary data is better suited to storing very large values, but it has its own limitations. Specifically deleting a row that contains a Large Object reference does not delete the Large Object. 
     
    Deleting the Large Object is a separate operation that needs to be performed. 
     
    Large Objects also have some security issues since anyone connected to the database can view and/or modify any Large Object, even if they don't have permissions to view/update the row containing the Large Object reference."
     
     
     
    So I have two questions:
     
    1)  If it is true that "Deleting the Large Object is a separate operation that needs to be performed.", after the deletion, what operation I need to perform, in order to delete the OID data in the table?  Possiblely put into an after trigger
     
    2) "Large Objects also have some security issues since anyone connected to the database can view and/or modify any Large Object".  Will this pose a real risk to the security?  or just a forethought?
     
    1) You don't need to perform any "after delete"-operation as a developer. But the DBA (or someone else) has to execute vacuumlo (see "man vacuumlo" for more info) using cron or some other periodic scheduling tool.
     
    2) Your mileage may vary, but for our app this isn't an issue.
     
    PS: 8.4 is EOL, use a more current version, preferably 9.5.
    I also recommend the -ng driver as it's the only one with proper BLOB-support, as mentioned earlier in this thread.
     
    --
    Andreas Joseph Krogh
    CTO / Partner - Visena AS
    Mobile: +47 909 56 963
     


Attachment

pgsql-sql by date:

Previous
From: Andreas Joseph Krogh
Date:
Subject: Re: BYTEA vs BLOB
Next
From: Eugene Yin
Date:
Subject: BYTEA