Search Postgresql Archives

Re: `must be superuser to COPY to or from a file' - using perl DBI - approaches to work around this

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Dan Kortschak (dan.kortschak@xxxxxxxxxxxxxxx) wrote:
> On Mon, 2009-10-12 at 20:21 -0400, Stephen Frost wrote:
> > > Does anyone have any suggestions (the least bad of the options above
> > > seems to be to use psql, but I think that is ugly)?
> > 
> > perldoc DBD::Pg
> > 
> > Read the 'COPY support' section.
> > 
> 
> Seems like the way to go, though it will be significantly slower than
> psql or superuser reads (a couple of tables have ~10s-100sM rows).

Erm, really?  You've tested that and found it to be that much slower?

> > > Also, can anyone suggest why it is possible to create a database but not
> > > COPY to/from a file as a non-superuser?
> > 
> > When a COPY statement which references a file is sent to the backend,
> > the *backend* PG process will try to open the file and read from it-
> > hence you have to be a PG superuser.  The '\copy' that psql provides
> > actually sends a 'COPY .. FROM STDIN' to the server, just like the
> > DBD::Pg COPY support.
> 
> Yeah sure, I understand that, I was just wondering about the reasons for
> making that decision - the relative danger of creation and read from
> stdin vs read from a file.

Being able to read from any file the *unix* PG user can read from means
you can access any file in the database..  Pretty serious from a
security standpoint.  Not sure what you're expecting here.

	Stephen

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux