import/export of large objects on server-side
Hi all,
at the moment import/export of large objects on server-side only can be
activated for all users by editing config.h due to security reasons.
My idea is, to enable in for everyone, when using s apecial directory (e.g.
/tmp). What do you think about this?
Regards, Klaus
--
TWC GmbH
Schlossbergring 9
79098 Freiburg i. Br.
http://www.twc.de
Klaus Reger <K.Reger@twc.de> writes:
at the moment import/export of large objects on server-side only can be
activated for all users by editing config.h due to security reasons.
My idea is, to enable in for everyone, when using s apecial directory (e.g.
/tmp). What do you think about this?
It'd still be a security hole, and not significantly smaller (consider
symlinks).
Use the client-side LO import/export functions, instead.
regards, tom lane
Klaus Reger <K.Reger@twc.de> writes:
at the moment import/export of large objects on server-side only can
be activated for all users by editing config.h due to security
reasons. My idea is, to enable in for everyone, when using s apecial
directory (e.g. /tmp). What do you think about this?It'd still be a security hole, and not significantly smaller (consider
symlinks).Use the client-side LO import/export functions, instead.
ok, i've read the config.h and the sources. I agree that this can be a
security hole. But for our application we need lo-access from
PL/PGSQL-Procedures (explicitly on the server). We have to check out
documents, work with them and then check the next version in.
Whats about an configuration-file entry, in the matter
LO_DIR=/directory or none (which is the default).
For our product we want to be compatible with the original sources of Pg,
avoiding own patches in every new version.
What do you think about this idea? Do you have any other suggestions for
serverside lo-ing, without granting every user superuser-privileges?
Regards, Klaus