Re: TR: Re: TR: interface PERL and return results

From: rmunn(at)pobox(dot)com
To: "victor3(dot)lopes(at)voila(dot)fr" <victor3(dot)lopes(at)voila(dot)fr>
Cc: pgsql-interfaces <pgsql-interfaces(at)postgresql(dot)org>
Subject: Re: TR: Re: TR: interface PERL and return results
Date: 2002-10-11 14:22:46
Message-ID: 20021011142246.GA4741@rmunnlfs
Lists: pgsql-interfaces
On Fri, Oct 11, 2002 at 10:34:43AM +0200, victor3(dot)lopes(at)voila(dot)fr wrote:
> > > DEBUG:  ProcessUtility: COPY temp FROM '-- my path -- /result.res'
> > > ERROR:  You must have Postgres superuser privilege to do a COPY directly to or from a
> > > file.  Anyone can COPY to stdout or from stdin.  Psql's \copy command also works for
> > > anyone.
> > > ....
> > >
> > > I don't understand why I get this error, because the superuser postgres (who had create for
> > > launch the server) has the privilege
> > > to access and read this file.
> >
> > In your Perl script, what user and password did you use to connect to
> > the database?
> Indeed, my user is http and is not the superuser. On my host, the PostgreSQL superuser is the user postgres.
> 
> > You need to *connect* as the Postgres superuser (which is
> > almost always the user named 'postgres').
> >
> > If you are connected as user postgres then your COPY command should
> > work.
> >
> > --
> > Robin Munn
> > rmunn(at)pobox(dot)com
> 
> Ok, thanks for this information, but I find it's a pity, because in all my code I use the user http to access
> tables and I do not see why it would be necessary that I connect differently to use the Copy command :-( to
> access my file directly.
> Perhaps a problem of security?

Yes, the reason for this is security reasons. If anyone could read from
any file, then it would be easy to read, say, '/etc/passwd' into a
database table. And if anyone could write to any file, you might be able
to clobber important security files like /etc/passwd, or just do a
denial-of-service attack by writing gigabytes and gigabytes until the
disk fills up.

Anytime you give direct access to the hard disk, in any way at all, to a
user connecting from the Web, you have created a LOT of security
problems. That's why file access is limited only to the postgres
superuser. It's better not to allow file access from the web AT ALL, but
if you really must, then you can use the postgres superuser -- but be
certain that you know what you're doing.

-- 
Robin Munn
rmunn(at)pobox(dot)com
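
Added example, not part of the original message and not code from either poster: the error text quoted above notes that anyone can COPY from stdin, so the script can stay connected as the unprivileged user http and stream the file from the client side. It assumes a current DBD::Pg (pg_putcopydata / pg_putcopyend); the database name, password source and upload directory are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Cwd qw(abs_path);

# Assumptions (not from the thread): the database name, where the password
# comes from, and the one directory the web application may load from.
my $UPLOAD_DIR = '/var/www/app/results';

my $base = abs_path($UPLOAD_DIR)
    or die "upload directory not found\n";
my $file = abs_path("$UPLOAD_DIR/result.res")
    or die "result file not found\n";

# Refuse anything that resolves outside the allowed directory
# (symlinks, "..") before opening it.
die "refusing path outside $base\n"
    unless index($file, "$base/") == 0;

# Connect as the ordinary application role, not as postgres.
my $dbh = DBI->connect('dbi:Pg:dbname=mydb', 'http', $ENV{PGPASSWORD},
    { RaiseError => 1, AutoCommit => 0 });

# The file is opened by this script with the web process's own OS
# permissions; the server never reads from its filesystem.
open my $fh, '<', $file or die "cannot open $file: $!\n";

# COPY ... FROM STDIN needs no superuser privilege, only the right
# to insert into the table.
$dbh->do('COPY temp FROM STDIN');
while (my $line = <$fh>) {
    $dbh->pg_putcopydata($line);
}
$dbh->pg_putcopyend();
close $fh;

# With RaiseError set, a malformed row dies before this commit,
# so a bad file leaves the table unchanged.
$dbh->commit;
$dbh->disconnect;
```

The role http then needs only INSERT on the table temp, and a compromised web script is limited to files the web process itself can read.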
