Re: \gsetenv
From | Heikki Linnakangas |
---|---|
Subject | Re: \gsetenv |
Date | |
Msg-id | df6b753d-3521-25d1-d01b-b488ebc6b52d@iki.fi |
In response to | Re: \gsetenv (David Fetter <david@fetter.org>) |
Responses | Re: \gsetenv |
List | pgsql-hackers |

On 20/12/2020 21:05, David Fetter wrote:
> We have plenty of ways to spawn shells and cause havoc, and we
> wouldn't be able to block them all even if we decided to put a bunch
> of pretty onerous restrictions on psql at this very late date. We have
> \set, backticks, \!, and bunches of things less obvious that could,
> even without a compromised server, cause real mischief.

There is a big difference between having to trust the server or not. Yeah, you could cause a lot of mischief if you let a user run arbitrary psql scripts on your behalf. But that's no excuse for opening up a whole another class of problems.

- Heikki