| From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | Kirill Reshke <reshkekirill(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Ignat Remizov <ignat980(at)gmail(dot)com>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM |
| Date: | 2025-12-04 16:32:51 |
| Message-ID: | CAGECzQRaihL5fZ94Vf+P7hw+y2u6sV_qOQfeJJDMmAh29SOkdA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 4 Dec 2025 at 11:56, Kirill Reshke <reshkekirill(at)gmail(dot)com> wrote:
> > One idea would be to disallow FROM PROGRAM when connecting over the
> network instead of a Unix socke
>
> How this would be protected from connecting to PostgreSQL over the
> network and then executing dblink, making local (socket) connection?
Good question. I think the easiest would be to always disallow FROM
PROGRAM (by default) instead of only when connecting over the network.
Another option would be to have dblink (and pg_fdw) tell postgres (wih
e.g. a GUC being set in the StartupMessage) that it should be
considered a remote connection for these purposes.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2025-12-04 17:30:28 | Re: pgsql: Add pg_atomic_unlocked_write_u64 |
| Previous Message | Matthias van de Meent | 2025-12-04 16:32:48 | Re: Revisiting {CREATE INDEX, REINDEX} CONCURRENTLY improvements |