| From: | "Bernard" <bht(at)actrix(dot)gen(dot)nz> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #1834: Non-super-user must be able to copy from a file through JDBC |
| Date: | 2005-08-18 22:55:00 |
| Message-ID: | 20050818225500.03171F0B08@svr2.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged online:
Bug reference: 1834
Logged by: Bernard
Email address: bht(at)actrix(dot)gen(dot)nz
PostgreSQL version: 8.03
Operating system: Linux RedHat 9
Description: Non-super-user must be able to copy from a file through
JDBC
Details:
On the attempt to bulk load a table from a file that is owned by the
non-superuser current database user, the following error message is
printed:
"must be superuser to COPY to or from a file"
Following this advice would force the application to connect as superuser
which is a severe security risk.
The postgres-specific workaround to use STDIN with COPY is not supported by
the Postgres JDBC driver.
In comparison MySQL bulk loading works for all users with its JDBC driver.
We need a Postgresql solution to this security issue that is as simple as
the MySQL version.
We have a web application where both MySQL and Postresql are supported. With
Postgresql, the application would have to connect as user postgres. We have
to explain this security risk to our clients very clearly.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Jowett | 2005-08-18 23:10:42 | Re: BUG #1830: Non-super-user must be able to copy from a |
| Previous Message | Martijn van Oosterhout | 2005-08-18 22:34:40 | Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a file |