On 11/16/2012 03:35 AM, Tom Lane wrote: > The biggest problem this patch has had from the very beginning is > overdesign, and this is more of the same. Let's please just define the > feature as "popen, not fopen, the given string" and have done. You can > put all the warning verbiage you want in the documentation. (But note > that the server-side version would be superuser-only in any flavor of > the feature.)
I concede that as server-side COPY is superuser-only already it doesn't offer the same potential for attack that it otherwise would. If applications take unchecked file system paths from users and feed them into a superuser command they already have security problems. I'd still be much happier to have COPY ... FROM PROGRAM - or something - to clearly make the two different, for clarity as much as security. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
