Skip site navigation (1) Skip section navigation (2)

Re: Disable access shell command in psql

From: "Thiago Maluf" <malufrj(at)gmail(dot)com>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Disable access shell command in psql
Date: 2007-07-23 14:31:09
Message-ID: c8bf7e920707230731s2e54102dscc5419e27ee6d055@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-admin
I`m sorry list.
I had one mistake.
Thanks for everyone.
Thiago

2007/7/23, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>
> "Thiago Maluf" <malufrj(at)gmail(dot)com> writes:
> > I have one database server with postgresql 8.1 and I
> discovered  yesterday
> > one  security problem.
> > When  I access my server with  thought psql I have the possibility
> execute
> > command in my server using "\!" or write one file using "\e".
>
> These are done on the client side, not the server side.  There is no
> security issue here, because psql's user could equally well do the
> same things without using psql.
>
>                         regards, tom lane
>



-- 
----------------------------------------------------------------
THIAGO MALUF RESENDE
Consultor Voip e Programador WEB (Voip Developer and Web Developer)
Tel: +55 21 86042100
e-mail: malufrj(at)gmail(dot)com

In response to

pgsql-admin by date

Next:From: Jessica RichardDate: 2007-07-23 17:11:54
Subject: Re: "_" in a serach pattern
Previous:From: Tom LaneDate: 2007-07-23 14:26:25
Subject: Re: Disable access shell command in psql

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group