Home > mailing lists

Re: Disable access shell command in psql - Mailing list pgsql-admin

From	Thiago Maluf
Subject	Re: Disable access shell command in psql
Date	July 23, 2007 14:31:15
Msg-id	c8bf7e920707230731s2e54102dscc5419e27ee6d055@mail.gmail.com Whole thread Raw
In response to	Re: Disable access shell command in psql (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-admin

Tree view

I`m sorry list.
I had one mistake.
Thanks for everyone.
Thiago

2007/7/23, Tom Lane <tgl@sss.pgh.pa.us>:

"Thiago Maluf" <malufrj@gmail.com> writes:
> I have one database server with postgresql 8.1 and I discovered  yesterday
> one  security problem.
> When  I access my server with  thought psql I have the possibility execute
> command in my server using "\!" or write one file using "\e".

These are done on the client side, not the server side.  There is no
security issue here, because psql's user could equally well do the
same things without using psql.

                        regards, tom lane

--
----------------------------------------------------------------
THIAGO MALUF RESENDE
Consultor Voip e Programador WEB (Voip Developer and Web Developer)
Tel: +55 21 86042100
e-mail: malufrj@gmail.com

pgsql-admin by date:

From: Tom Lane
Date: 23 July 2007, 14:26:31
Subject: Re: Disable access shell command in psql

From: Jessica Richard
Date: 23 July 2007, 17:13:30
Subject: Re: "_" in a serach pattern

Re: Disable access shell command in psql - Mailing list pgsql-admin

Previous

Next