Skip site navigation (1) Skip section navigation (2)

Re: BUG #1830: Non-super-user must be able to copy from a file

From: "Sean Utt" <sean(at)strateja(dot)com>
To: "Bernard" <bht(at)actrix(dot)gen(dot)nz>
Cc: <pgsql-bugs(at)postgresql(dot)org>, <pgsql-general(at)postgresql(dot)org>
Subject: Re: BUG #1830: Non-super-user must be able to copy from a file
Date: 2005-08-19 09:19:20
Message-ID: 002801c5a49f$14dab500$0201a8c0@randomnoise (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-general
cc'ing the list, haven't seen it show up there....

And yeah, I'm using Outlook Express and the quoting is crappy. So sue me....

I never saw your request rejected, though it did rank low on priority -- in 
my book at least. The problem has been discussed at length, and there are 
multiple ways to solve your problem without making any changes to postgres. 
Because there are so many ways to solve your problem, your request amounts 
to a feature, not a bug, and a very low ranking feature at that. Just 
because other similar systems do something, does not mean that anyone else 
should. If you like the way they do it better, go with them. Microsoft 
allowed Outlook to set up volunteer administrators if they sent a properly 
crafted email -- some people like that sort of thing.

While I really appreciate your attempts to motivate the postgres team to 
action through peer pressure (mysql and all the other databases kiss on the 
first date) -- as I said, if you can't personally fix the problem, and you 
won't/can't pay someone else to fix the problem, then you have to hope that 
the problem bugs someone who can pay to fix the problem, or that someone who 
can fix the problem feels the itch, and can scratch it. That may or may not 
make you happy, but it is the reality. Again, there are many other ways to 
solve this problem (uploading bulk table date) -- I am going to make a 
wild-ass guess that the phpPgAdmin team have had to address this issue 
(http://phppgadmin.org/) and have come to some compromise.

Dump the vinegar, try the honey.

Sean


----- Original Message ----- 
From: "Bernard" <bht(at)actrix(dot)gen(dot)nz>
To: "Sean Utt" <sean(at)strateja(dot)com>
Sent: Friday, August 19, 2005 1:52 AM
Subject: Re: [BUGS] BUG #1830: Non-super-user must be able to copy from a 
file


Sean,

I am glad that our discussion has come this far, because at the start
of it, my request was rejected as not being relevant and I was looking
a bit depressed.

The options for fast bulk loads from within a Java server programs as
non-superuser user are clearly limited and inefficient.

I still had trouble explaining the issue and after some time, it has
become obvious that the STDIN option suggested for COPY is not
available in the JDBC driver.

Oliver asked to suggest a solution that does not open any security
holes.

A simple solution has been suggested that works without changes to the
JDBC driver. I repeat it here:

For a non-postgresql-superuser user, COPY FROM files have to be
world-readable and COPY TO files and directories have to be
world-writable. The server checks the file attributes and grants copy
permission depending on them. Obviously any Postrgres system files
must not be world-readable and world-writable.

I am not suggesting to enhance the JDBC driver to support COPY with
STDIN, because my architecture doesn't require it and it is clearly
going to be slower due to driver/comms overhead.

I appreciate your comments regarding funding of developers. I hope I
will be able to provide a share in the future but currently I am not
in the position to do so.

Regards

Bernard

On Fri, 19 Aug 2005 00:46:29 -0700, you wrote:

...

>Bottom line:
>If this is really important to you, either fix the problem, or provide
>someone else with incentive to fix the problem.
>In this case, attempting to appeal to/tear down the ego of the developers 
>is
>not working, so you will have to resort to more concrete methods, i.e.
>money. Nice effort though. No matter how much our pride is involved in 
>this,
>nothing greases the wheels like cash.
>
>Sean





In response to

pgsql-bugs by date

Next:From: BernardDate: 2005-08-19 09:27:36
Subject: Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a
Previous:From: Martijn van OosterhoutDate: 2005-08-19 08:55:48
Subject: Re: [BUGS] BUG #1830: Non-super-user must be able to copy from a file

pgsql-general by date

Next:From: BernardDate: 2005-08-19 09:27:36
Subject: Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a
Previous:From: Surabhi Ahuja Date: 2005-08-19 09:05:58
Subject: threads and transaction ...sample code and stored procedure

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group