Skip site navigation (1) Skip section navigation (2)

Re: Disable access shell command in psql

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Thiago Maluf" <malufrj(at)gmail(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Disable access shell command in psql
Date: 2007-07-23 14:26:25
Message-ID: 24056.1185200785@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-admin
"Thiago Maluf" <malufrj(at)gmail(dot)com> writes:
> I have one database server with postgresql 8.1 and I discovered  yesterday
> one  security problem.
> When  I access my server with  thought psql I have the possibility execute
> command in my server using "\!" or write one file using "\e".

These are done on the client side, not the server side.  There is no
security issue here, because psql's user could equally well do the
same things without using psql.

			regards, tom lane

In response to

Responses

pgsql-admin by date

Next:From: Thiago MalufDate: 2007-07-23 14:31:09
Subject: Re: Disable access shell command in psql
Previous:From: Michael FuhrDate: 2007-07-23 14:16:35
Subject: Re: Disable access shell command in psql

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group