Alvaro Herrera wrote: > Excerpts from Charles Pritchard's message: >> I don't believe the webmaster is granted free rein: >> Disk quotas are enforced, data is separated per origin, >> hanging processes are up to the implementer, and postgres has >> plenty of settings for that. > > The day a privilege escalation is found and some webserver runs > "pg_read_file()" on your browser, will be a sad one indeed. Personally, I feel somewhat more safe about trusting PostgreSQL on this than JavaScript, Java applets, a Flash plug-in, and cookies -- all of which are enabled in my browser. Sure, I occasionally hit an ill-behaved page and need to xkill my browser. I don't visit that site again. And it really doesn't happen to me very often. Can you can make a case that this proposal is more dangerous than having all the above enabled? -Kevin
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers