Re: BUG #1830: Non-super-user must be able to copy from a file - Mailing list pgsql-bugs

From Bernard
Subject Re: BUG #1830: Non-super-user must be able to copy from a file
Date
Msg-id 9l1ag1djlqiek6i026f5f27nd45ibirqph@4ax.com
In response to Re: BUG #1830: Non-super-user must be able to copy from a file  (Bruno Wolff III <bruno@wolff.to>)
Responses Re: BUG #1830: Non-super-user must be able to copy from a  (Oliver Jowett <oliver@opencloud.com>)
Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a file  (Martijn van Oosterhout <kleptog@svana.org>)
List pgsql-bugs
Bruno and interested list members

I want to follow what is suggested here. How are STDIN and STDOUT
addressed when using the JDBC driver?

Or in other words where can I write or receive megabytes of data?

I would not want to append this to the String of a SQL Statement in
Java because that is a String in memory.

Thanks

Bernard


On Wed, 17 Aug 2005 06:51:12 -0500, you wrote:

>On Wed, Aug 17, 2005 at 09:22:16 +0100,
>  Bernard <bht@actrix.gen.nz> wrote:
>>
>> The following bug has been logged online:
>
>This isn't a bug and you really should have asked this question on
>another list. I am moving the discussion over to the general list.
>
>>
>> Bug reference:      1830
>> Logged by:          Bernard
>> Email address:      bht@actrix.gen.nz
>> PostgreSQL version: 8.0.3
>> Operating system:   Linux RedHat 9
>> Description:        Non-super-user must be able to copy from a file
>> Details:
>>
>> On the attempt to bulk load a table from a file that is owned by the
>> non-superuser current database user, the following error message is
>> printed:
>>
>> "must be superuser to COPY to or from a file"
>>
>> What is the reason for this limitation?
>
>This is described in the documentation for the copy command.
>
>>
>> It can't justifiably be for security reasons because if a web application
>> such as tomcat requires to bulk load tables automatically on a regular basis
>> then one would be forced to let the web application connect as superuser,
>> which is very bad for security.
>
>No, because you can have the app read the file and then pass the data to
>the copy command. To do this you use STDIN as the file name.
>
>>
>> In MySQL bulk loading works for all users.
>
>You can use the \copy command in psql to load data from files.
>
>>
>> We need a Postgresql solution.
>>
>> We have a web application where both MySQL and Postgresql are supported. With
>> Postgresql, the application would have to connect as user postgres. We have
>> to explain this security risk to our clients very clearly.
>
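
The approach from the quoted reply (the application reads the file and passes the data to COPY with STDIN as the file name), shown as an added example that is not part of the original message. It assumes a current PgJDBC driver that provides `org.postgresql.copy.CopyManager`; the URL, the role `loader`, the table `items` and the use of the `PGPASSWORD` environment variable are hypothetical.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import org.postgresql.PGConnection;
import org.postgresql.copy.CopyManager;

public class CopyFromStdin {
    // Hypothetical settings: "loader" is an ordinary role holding only INSERT
    // on the target table, not a superuser.
    static final String URL = "jdbc:postgresql://localhost:5432/appdb";
    static final String USER = "loader";
    // Hypothetical table. The statement names STDIN, so the server never opens
    // a file itself and the superuser check for file access does not apply.
    static final String COPY_SQL = "COPY items (id, name) FROM STDIN WITH CSV";

    // Streams the reader to the server in buffered chunks; the data is never
    // appended to the SQL string. Returns the row count reported by the server.
    static long load(Connection conn, Reader data) throws SQLException, IOException {
        boolean oldAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false);
        try {
            CopyManager copy = conn.unwrap(PGConnection.class).getCopyAPI();
            long rows = copy.copyIn(COPY_SQL, data);
            conn.commit();
            return rows;
        } catch (SQLException | IOException e) {
            conn.rollback(); // a failed load leaves no partial rows behind
            throw e;
        } finally {
            conn.setAutoCommit(oldAutoCommit);
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: CSV file that the application's own OS user can read.
        String password = System.getenv("PGPASSWORD");
        try (Connection conn = DriverManager.getConnection(URL, USER, password);
             Reader in = Files.newBufferedReader(Paths.get(args[0]), StandardCharsets.UTF_8)) {
            System.out.println("rows copied: " + load(conn, in));
        }
    }
}
```

The file is opened with the application's file permissions and the rows are inserted with the database role's table privileges, so neither side needs superuser rights.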

