Re: BUG #1830: Non-super-user must be able to copy from a file

From: Bernard <bht(at)actrix(dot)gen(dot)nz>
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: pgsql-bugs(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org
Subject: Re: BUG #1830: Non-super-user must be able to copy from a file
Date: 2005-08-18 22:16:29
Message-ID: 9l1ag1djlqiek6i026f5f27nd45ibirqph@4ax.com
Lists: pgsql-bugs pgsql-general

Bruno and interested list members

I want to follow what is suggested here. How are STDIN and STDOUT
addressed when using the JDBC driver?

Or in other words where can I write or receive megabytes of data?

I would not want to append this to the String of a SQL Statement in
Java because that is a String in memory.

Thanks

Bernard

On Wed, 17 Aug 2005 06:51:12 -0500, you wrote:

>On Wed, Aug 17, 2005 at 09:22:16 +0100,
> Bernard <bht(at)actrix(dot)gen(dot)nz> wrote:
>>
>> The following bug has been logged online:
>
>This isn't a bug and you really should have asked this question on
>another list. I am moving the discussion over to the general list.
>
>>
>> Bug reference: 1830
>> Logged by: Bernard
>> Email address: bht(at)actrix(dot)gen(dot)nz
>> PostgreSQL version: 8.0.3
>> Operating system: Linux RedHat 9
>> Description: Non-super-user must be able to copy from a file
>> Details:
>>
>> On the attempt to bulk load a table from a file that is owned by the
>> non-superuser current database user, the following error message is
>> printed:
>>
>> "must be superuser to COPY to or from a file"
>>
>> What is the reason for this limitation?
>
>This is described in the documentation for the copy command.
>
>>
>> It can't justifiably be for security reasons because if a web application
>> such as tomcat requires to bulk load tables automatically on a regular basis
>> then one would be forced to let the web application connect as superuser,
>> which is very bad for security.
>
>No, because you can have the app read the file and then pass the data to
>the copy command. To do this you use STDIN as the file name.
>
>>
>> In MySQL bulk loading works for all users.
>
>You can use the \copy command in psql to load data from files.
>
>>
>> We need a Postgresql solution.
>>
>> We have a web application where both MySQL and Postgresql are supported. With
>> Postgresql, the application would have to connect as user postgres. We have
>> to explain this security risk to our clients very clearly.
>>
>
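
An added example, not part of the original thread: one way to stream a client-side file into `COPY ... FROM STDIN` over JDBC while connected as an ordinary role, using the `CopyManager` API of the current PostgreSQL JDBC driver (an API the thread itself does not mention). The table `measurements`, its columns, the role `webapp`, the database `appdb` and the connection URL are assumptions made for illustration.

```java
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

import org.postgresql.PGConnection;
import org.postgresql.copy.CopyManager;

public class BulkLoad {
    // Fixed statement: COPY takes no bind parameters, so the table and column
    // names (hypothetical here) are constants and never built from request input.
    private static final String COPY_SQL =
        "COPY measurements (sensor_id, reading) FROM STDIN WITH CSV";

    /** Streams a client-side file into the table; returns the number of rows loaded. */
    static long load(Connection conn, Path csv) throws SQLException, IOException {
        CopyManager copy = conn.unwrap(PGConnection.class).getCopyAPI();
        boolean oldAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false);
        try (InputStream in = new BufferedInputStream(Files.newInputStream(csv))) {
            // The driver reads the stream in chunks and sends them as COPY data,
            // so the file is never held in memory as one String.
            long rows = copy.copyIn(COPY_SQL, in);
            conn.commit();
            return rows;
        } catch (SQLException | IOException e) {
            conn.rollback(); // a malformed row aborts the whole load
            throw e;
        } finally {
            conn.setAutoCommit(oldAutoCommit);
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed: 'webapp' is an ordinary role with INSERT on the table, not a superuser.
        try (Connection conn = DriverManager.getConnection(
                "jdbc:postgresql://localhost/appdb", "webapp", System.getenv("PGPASSWORD"))) {
            System.out.println(load(conn, Paths.get(args[0])) + " rows loaded");
        }
    }
}
```

The file is opened with the application's own operating-system permissions, and the server only sees table data arriving over the connection. The same `CopyManager` has a `copyOut` method that writes the result of `COPY ... TO STDOUT` to an `OutputStream`.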
