Re: [BUGS] BUG #1830: Non-super-user must be able to copy from a file

Bruno and interested list members

I want to follow what is suggested here. How are STDIN and STDOUT
addressed when using the JDBC driver?

Or in other words where can I write or receive megabytes of data?

I would not want to append this to the String of a SQL Statement in
Java because that is a String in memory.

Thanks

Bernard


On Wed, 17 Aug 2005 06:51:12 -0500, you wrote:

>On Wed, Aug 17, 2005 at 09:22:16 +0100,
>  Bernard <bht@xxxxxxxxxxxxx> wrote:
>> 
>> The following bug has been logged online:
>
>This isn't a bug and you really should have asked this question on
>another list. I am moving the discussion over to the general list.
>
>> 
>> Bug reference:      1830
>> Logged by:          Bernard
>> Email address:      bht@xxxxxxxxxxxxx
>> PostgreSQL version: 8.0.3
>> Operating system:   Linux RedHat 9
>> Description:        Non-super-user must be able to copy from a file
>> Details: 
>> 
>> On the attempt to bulk load a table from a file that is owned by the
>> non-superuser current database user, the following error message is
>> printed:
>> 
>> "must be superuser to COPY to or from a file"
>> 
>> What is the reason for this limitation?
>
>This is described in the documentation for the copy command.
>
>> 
>> It can't justifiably be for security reasons because if a web application
>> such as tomcat requires to bulk load tables automatically on a regular basis
>> then one would be forced to let the web application connect as superuser,
>> which is very bad for security.
>
>No, because you can have the app read the file and then pass the data to
>the copy command. To do this you use STDIN as the file name.
>
>> 
>> In MySQL bulk loading works for all users.
>
>You can use the \copy command in psql to load data from files.
>
>> 
>> We need a Postgresql solution.
>> 
>> We have a web application where both MySQL and Postgresql are supported. With
>> Postgresql, the application would have to connect as user postgres. We have
>> to explain this security risk to our clients very clearly.
>> 
>> ---------------------------(end of broadcast)---------------------------
>> TIP 2: Don't 'kill -9' the postmaster
>
>---------------------------(end of broadcast)---------------------------
>TIP 6: explain analyze is your friend
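
The approach described in the quoted reply (the application reads the file and passes the data to COPY with STDIN as the file name), as an added example that is not part of the original thread. It uses the `CopyManager` API of the current PgJDBC driver, which streams the data instead of holding it in a String; the connection URL, the role `app_loader`, the table `import_rows` and the environment variable are assumed placeholders.

```java
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.sql.Connection;
import java.sql.DriverManager;
import org.postgresql.PGConnection;
import org.postgresql.copy.CopyManager;

public class BulkCopy {
    // Assumed placeholders: database, role and table are constructed for illustration.
    static final String URL = "jdbc:postgresql://localhost:5432/appdb";
    static final String COPY_IN = "COPY import_rows (id, name) FROM STDIN WITH CSV";
    static final String COPY_OUT = "COPY import_rows (id, name) TO STDOUT WITH CSV";

    // The client process opens the file, so the server never touches its own
    // filesystem and the role needs only INSERT on the table, not superuser.
    static long load(Connection conn, Path file) throws Exception {
        CopyManager copy = conn.unwrap(PGConnection.class).getCopyAPI();
        try (InputStream in = new BufferedInputStream(Files.newInputStream(file))) {
            return copy.copyIn(COPY_IN, in); // streamed in chunks, returns row count
        }
    }

    // The reverse direction: rows are streamed to a client-side file.
    static long export(Connection conn, Path file) throws Exception {
        CopyManager copy = conn.unwrap(PGConnection.class).getCopyAPI();
        try (OutputStream out = new BufferedOutputStream(Files.newOutputStream(file))) {
            return copy.copyOut(COPY_OUT, out);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) throw new IllegalArgumentException("usage: BulkCopy <csv-file>");
        String password = System.getenv("APP_LOADER_PW"); // assumed variable name
        try (Connection conn = DriverManager.getConnection(URL, "app_loader", password)) {
            conn.setAutoCommit(false); // load all rows or none
            try {
                System.out.println("loaded " + load(conn, Path.of(args[0])) + " rows");
                conn.commit();
            } catch (Exception e) {
                conn.rollback();
                throw e;
            }
        }
    }
}
```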

