| From: | "Thiago Maluf" <malufrj(at)gmail(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Disable access shell command in psql |
| Date: | 2007-07-23 14:31:09 |
| Message-ID: | c8bf7e920707230731s2e54102dscc5419e27ee6d055@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
I`m sorry list.
I had one mistake.
Thanks for everyone.
Thiago
2007/7/23, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>
> "Thiago Maluf" <malufrj(at)gmail(dot)com> writes:
> > I have one database server with postgresql 8.1 and I
> discovered yesterday
> > one security problem.
> > When I access my server with thought psql I have the possibility
> execute
> > command in my server using "\!" or write one file using "\e".
>
> These are done on the client side, not the server side. There is no
> security issue here, because psql's user could equally well do the
> same things without using psql.
>
> regards, tom lane
>
--
----------------------------------------------------------------
THIAGO MALUF RESENDE
Consultor Voip e Programador WEB (Voip Developer and Web Developer)
Tel: +55 21 86042100
e-mail: malufrj(at)gmail(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jessica Richard | 2007-07-23 17:11:54 | Re: "_" in a serach pattern |
| Previous Message | Tom Lane | 2007-07-23 14:26:25 | Re: Disable access shell command in psql |