On Tue, Jul 30, 2002 at 02:05:57PM -0400, Tom Lane wrote: > > If we add more environment-variable-dependent mechanisms to allow more > different things to be done, we increase substantially the odds of > creating an exploitable security hole.
Ok, true enough, but I'm not sure that a config file or any other such mechanism is any safer. As Lamar Owen said, anyone who can poison the postgres user's environment can likely do evil things to postgresql.conf as well. Still, environment variables _are_ a notorious weak point for crackers. As I said, I don't much care how it is implemented, but I think _that_ it is implemented is important, at least for our (Liberty's) uses. If the only way it's going to be done is to accept a potential security risk, maybe the answer is to allow the security risk, but set by default to off. A -- ---- Andrew Sullivan 87 Mowat Avenue Liberty RMS Toronto, Ontario Canada <[EMAIL PROTECTED]> M6K 3E3 +1 416 646 3304 x110 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly