Re: Disable executing external commands from psql?
| От | Ken Tanzer |
|---|---|
| Тема | Re: Disable executing external commands from psql? |
| Дата | |
| Msg-id | 4C05D1AF.1010106@gmail.com обсуждение исходный текст |
| Ответ на | Re: Disable executing external commands from psql? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-general |
> psql is really, really meant to be run > on the client side. I appreciate that, but the people I'm targeting are just not going to have psql on their systems. > No, you missed the point: those functions, as well as others, are > useless unless psql is running inside a filesystem that the user has > (easy) read/write access to. Maybe I'm missing something (or haven't explained). The users would definitely have access to the filesystems. Setting my login shell to psql or lobotomizing the \! function wouldn't change that. But even going beyond that, I love the psql program. I really, really do. I use it all the time, and would choose it over a GUI or other means of access any day. I wouldn't want to live without \!, or PAGER, or lots of other nifty stuff. But for the use cases I'm envisioning, those are all useless frills (or if not useless, of secondary or tertiary significance). There's still a lot you can do with psql even without those commands, and I don't see why that should be considered an invalid use case. Thanks for listening, and cheers, Ken On 06/01/2010 08:22 PM, Tom Lane wrote: > Ken Tanzer<ken.tanzer@gmail.com> writes: > >>> You will for example be making it awfully difficult for them to use >>> \copy, \i, \e, \g, the list goes on. >>> > >> I'm not really eager to go down this path, but nonetheless it's not >> obvious to me why giving psql a lobotomy (or hopefully a careful >> surgical tweak) to disable the "\!" functionality would impact all those >> other functions. >> > No, you missed the point: those functions, as well as others, are > useless unless psql is running inside a filesystem that the user has > (easy) read/write access to. psql is really, really meant to be run > on the client side. > > regards, tom lane > -- ------------------------------------------------------- AGENCY Software For nonprofits that want to take control of their data Use it. Like it. Share it. Build it. Buy it. http://agency-software.org -------------------------------------------------------
В списке pgsql-general по дате отправления: