Quick Links

Re: Disable access shell command in psql

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	"Thiago Maluf" <malufrj(at)gmail(dot)com>
Cc:	pgsql-admin(at)postgresql(dot)org
Subject:	Re: Disable access shell command in psql
Date:	2007-07-23 14:26:25
Message-ID:	24056.1185200785@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

"Thiago Maluf" <malufrj(at)gmail(dot)com> writes:
> I have one database server with postgresql 8.1 and I discovered yesterday
> one security problem.
> When I access my server with thought psql I have the possibility execute
> command in my server using "\!" or write one file using "\e".

These are done on the client side, not the server side. There is no
security issue here, because psql's user could equally well do the
same things without using psql.

regards, tom lane

In response to

Disable access shell command in psql at 2007-07-23 13:59:17 from Thiago Maluf

Responses

Re: Disable access shell command in psql at 2007-07-23 14:31:09 from Thiago Maluf

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Thiago Maluf	2007-07-23 14:31:09	Re: Disable access shell command in psql
Previous Message	Michael Fuhr	2007-07-23 14:16:35	Re: Disable access shell command in psql