
Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a

From: "Sean Utt" <sean(at)strateja(dot)com>
To: "Bernard" <bht(at)actrix(dot)gen(dot)nz>, "Greg Stark" <gsstark(at)mit(dot)edu>
Cc: <pgsql-bugs(at)postgresql(dot)org>, <pgsql-general(at)postgresql(dot)org>
Subject: Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a
Date: 2005-08-19 08:10:46
Message-ID: 00ba01c5a495$813677c0$0201a8c0@randomnoise
Lists: pgsql-bugs, pgsql-general
Yeah, I'm -vvv tonight.

psql provides \COPY table from file

how about
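// argv is passed as an array: Runtime.exec(String) splits on whitespace and ignores the quotes
String[] cmd = { "psql", "-U", "user", "-d", "database", "-c", "\\copy table from file" };
Process p = Runtime.getRuntime().exec(cmd);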
yatta yatta yatta, blah blah blah

naturally, if the database/server doesn't trust you, you'll have to jump 
through some hoops to get the password to the server, but then, trust is really the 
issue, isn't it? And if you've been keeping an eye on the securityfocus 
lists, you'd know that it is all about the trust.

What I keep hearing in this ongoing thread is the tradeoff between 
convenience and security.

I want security, and you want convenience. If you own the server, you win. 
Buy a server, pay for the bandwidth, learn to administer a server, and all 
your problems disappear.

Don't want to do that? Then you have to live by my rules, because I own the 
server, where your database lives.

Once again, if you are the expert, solve the problem. If you are not, pay 
the expert to solve the problem. If the cost to fix the problem is higher 
than you are willing to pay, the problem is not that important. If the cost 
to fix the problem is more than you can afford --- bummer dude!!!!

That is the way the world works. If you don't like it, look for a different 
world. If you are rich, and/or completely without morals, and prone to 
self-centered fantasy, try the world of people who pretend to be Conservative 
Republicans in the USA. (This is not intended as a slam against people who 
are actually Republicans, or Conservatives --- unless they have failed to 
speak out against those who usurp their identity.)

Sean



----- Original Message ----- 
From: "Bernard" <bht(at)actrix(dot)gen(dot)nz>
To: "Greg Stark" <gsstark(at)mit(dot)edu>
Cc: <pgsql-bugs(at)postgresql(dot)org>; <pgsql-general(at)postgresql(dot)org>
Sent: Friday, August 19, 2005 12:21 AM
Subject: Re: [GENERAL] [BUGS] BUG #1830: Non-super-user must be able to copy 
from a


Greg,

The desired COPY FILE functionality for a local non-superuser user
would require a local file. That file is available locally.

A suggested workaround COPY with STDIN would involve the TCP pipe.
This does of course have the support for remote uploads.

But I am not currently interested in remote data transfers.

Regards

Bernard

On 19 Aug 2005 02:03:54 -0400, you wrote:

>
>Oliver Jowett <oliver(at)opencloud(dot)com> writes:
>
>> Bernard was also objecting to the overhead of pushing the data down a
>> TCP pipe when it's already available locally, I think.. I didn't find
>> any real difference there when I compared the two methods, though.
>
>What makes you think it's necessarily available locally?

