Re: TR: Re: TR: interface PERL and return results

Ok I understands better maintaining this constraint.
This is why I would use the first method across <STDIN> functionnality :-)

Thank you with all the people during this wire to have helped me in this investigation :-)

Victor

* From: rmunn(at)pobox(dot)com
* To: "victor3(dot)lopes(at)voila(dot)fr" <victor3(dot)lopes(at)voila(dot)fr>
* Subject: Re: TR: Re: TR: interface PERL and return results
* Date: Fri, 11 Oct 2002 09:22:46 -0500

> Yes, the reason for this is security reasons. If anyone could read from
> any file, then it would be easy to read, say, '/etc/passwd' into a
> database table. And if anyone could write to any file, you might be able
> to clobber important security files like /etc/passwd, or just do a
> denial-of-service attack by writing gigabytes and gigabytes until the
> disk fills up.
>
> Anytime you give direct access to the hard disk, in any way at all, to a
> user connecting from the Web, you have created a LOT of security
> problems. That's why file access is limited only to the postgres
> superuser. It's better not to allow file access from the web AT ALL, but
> if you really must, then you can use the postgres superuser -- but be
> certain that you know what you're doing.
>
> --
> Robin Munn
>rmunn(at)pobox(dot)com

> Attachment: pgp00003.pgp
> Description: PGP signature
------------------------------------------

Faites un voeu et puis Voila ! www.voila.fr