Re: [PHP3] Doing \copy after a file upload. - Mailing list pgsql-general

From lynch@lscorp.com (Richard Lynch)
Subject Re: [PHP3] Doing \copy after a file upload.
Date
Msg-id v02140b1fb1c2b0f8797b@[207.152.64.133]
Whole thread Raw
List pgsql-general
Again cross-posted due to duality of php/psql question.  Don't cross-post
specific replies. THANKS!!!

At 3:11 PM 7/3/98, Richard Lynch wrote:

>    C.  I should research system/shell/passthrough stuff
>        Do you get the idea that I'm not even sure which one does what?...
>    C1. I would need to do psql -u, but then how do I pass in username/passord?
>        [Straight psql won't work from a shell for me, due to ISP setup.]

Okay, I've done some more RTFM, and have a further, detailed question about
this option:

How secure are .php source files?
[I'm in beta 6 for now, if it matters...  I think this is more a general
unix question, though?...]

Specifically, if the only way I can figure out, so far, to copy from an
uploaded FileMaker export entails putting something like this in my .php
source, what is the risk factor?

"echo \"login\\npassword\\n\" | psql -u -d dbase -c '\\copy blah from $blah'";
        ^^^^^^^^^^^^^^^^
The login & password to my whole site, as provided by my ISP, which is the
login/password that can do psql -u stuff.   psql without -u is simply not
offered by the ISP, as I understand it.

How risky is this?

Serious cracker who would be able to get at anything anyway?
Any jerk with half a brain who wants to wreak havoc with my system?
Somewhere in between?

If it is high-risk, what could I tell/ask my provider in terms he (a unix
guy) would understand and be willing to do (eg php as module is out) to
make this [more] secure?  Please understand that I'm a Mac Lisp hacker, so
the more cookbook-specific you can be about Unix stuff, the better :-)

Note:  I am not wedded to this particular path.  If a better answer to my
preceding question is there, don't hesitate to say so just because I've
taken this route as the only one I could see working at the time...

THANKS!!!

PS  I need to CR/LF convert the uploaded files from Mac to Unix format
somewhere between the FileMaker export and the \copy...  Preferably without
an extra step for the user, who is not the most clueful...  [And you
thought I was bad. :-)]  I know there's a bizillion programs to do it:
Which one will be easiest to implement seamlessly, automatically between
the FileMaker/<FORM>/\copy?  Any suggestions?

PPS  I hope I'm not overloading the list with questions that belong
somewhere else or are RTFM...

--
--
-- "TANSTAAFL" Rich lynch@lscorp.com



pgsql-general by date:

Previous
From: lynch@lscorp.com (Richard Lynch)
Date:
Subject: Vacuum
Next
From: Stephan Doliov
Date:
Subject: Re: [GENERAL] data entry forms