Re: Proposal: functions get_text() or get_url()
| От | Stefan Keller |
|---|---|
| Тема | Re: Proposal: functions get_text() or get_url() |
| Дата | |
| Msg-id | 25bc040b0905230156i14595ae7w526e04733459d5b5@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Proposal: functions get_text() or get_url() (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
Ok.
But again: There is a library mentioned and documented in the famous PostgreSQL book from Douglas & Douglas called pgcurl (http://gborg.postgresql.org/project/pgcurl/ ). Where's this gone?
Yours, S.
2009/5/20 Robert Haas <robertmhaas@gmail.com>
On Wed, May 20, 2009 at 6:34 AM, Stefan Keller <sfkeller@gmail.com> wrote:No, large files aren't the problem. The problem is that the
> Questions: Don't see, why this would be a security issue: How could such a
> function do any harm? large files?
PostgreSQL server process may have rights to access things that the
user doesn't. For a simple case, imagine that PostgreSQL is behind a
firewall and the user is in front of the firewall, but there's a port
open to permit access to PostgreSQL. Now imagine that there is a web
server behind the firewall. The firewall blocks the user from
accessing the web server directly, but the user can ask PostgreSQL to
download the URLs for him. In that way, the user can bypass the
firewall. (Consider for example Andrew Chernow's company, which has
clients connecting to their database server from all over the
Internet...)
...Robert
В списке pgsql-hackers по дате отправления: