Re: Feature request: include script file into function body
| От | Bruce Momjian |
|---|---|
| Тема | Re: Feature request: include script file into function body |
| Дата | |
| Msg-id | 201102011812.p11ICFx11142@momjian.us обсуждение исходный текст |
| Ответ на | Re: Feature request: include script file into function body (Steve White <swhite@aip.de>) |
| Список | pgsql-bugs |
Steve White wrote: > Hi Kevin, > > On 1.02.11, Kevin Grittner wrote: > > [Please don't top-post. Rearranged for clarity.] > > > As you like. > > > Steve White <swhite@aip.de> wrote: > > > On 1.02.11, Tom Lane wrote: > > >> Steve White <swhite@aip.de> writes: > > >>> It would be really nice to have a way to load script (especially > > >>> Python and Perl) from a separate file into a function body. > > >> > > >> This seems like a security hole, ie, you could use it to read any > > >> file the backend has access to. > > > > > Isn't the \i command a similar security hole? > > > > That is run by a client program on a client machine. > > Sorry I don't understand this remark. > > Are you saying that \i is disabled to user postgres? > Just tried: it isn't. > Are you saying that as a normal user I can use \i to load a file that I > don't normally have access to? > Just tried: nope -- permission denied. > > What scenario do you have in mind? \i is a psql client command, not something the backend runs. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +
В списке pgsql-bugs по дате отправления: