| From: | "Bernard" <bht(at)actrix(dot)gen(dot)nz> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #1830: Non-super-user must be able to copy from a file |
| Date: | 2005-08-17 08:22:16 |
| Message-ID: | 20050817082216.8E7BAF0C12@svr2.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-general |
The following bug has been logged online:
Bug reference: 1830
Logged by: Bernard
Email address: bht(at)actrix(dot)gen(dot)nz
PostgreSQL version: 8.0.3
Operating system: Linux RedHat 9
Description: Non-super-user must be able to copy from a file
Details:
On the attempt to bulk load a table from a file that is owned by the
non-superuser current database user, the following error message is
printed:
"must be superuser to COPY to or from a file"
What is the reason for this limitation?
It can't justifiably be for security reasons because if a web application
such as tomcat requires to bulk load tables automatically on a regular basis
then one would be forced to let the web application connect as superuser,
which is very bad for security.
In MySQL bulk loading works for all users.
We need a Postgresql solution.
We have a web application where both MySQL and Postresql are supported. With
Postgresql, the application would have to connect as user postgres. We have
to explain this security risk to our clients very clearly.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Wolff III | 2005-08-17 11:51:12 | Re: BUG #1830: Non-super-user must be able to copy from a file |
| Previous Message | Lee Hyun soon | 2005-08-17 08:13:28 | BUG #1829: pgsql odbc & ADO.NET(modify) |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Aliomar Mariano Rego | 2005-08-17 08:24:00 | Set autocommit to off |
| Previous Message | Junaili Lie | 2005-08-17 05:43:11 | Re: table clustering brings joy |