On Tue, Jan 15, 2013 at 2:53 PM, Stephen Frost <sfr...@snowman.net> wrote: > The popen patch doesn't support the '|compression-binary' option through > the FE protocol. Even if it did, it would only be available for > superusers as we can't allow regular users to run arbitrary commands on > the server-side.
That points towards a fix that involves having a set of non-arbitrary commands that we allow plain users to use. Hmm. There's an interesting thought... How about having a "pg_filters" table in pg_catalog which allows capturing labels and names of known-to-be-safe binary filters: insert into pg_filters (label, location) values ('zcat', '/usr/bin/zcat'), ('bzip2', '/usr/bin/bzip2'), ('bunzip2', '/usr/bin/bunzip2'); And then having some capability to grant permissions to roles to use these filters. That's not a "version 1" capability... Suppose we have, in 9.3, that there are direct references to "|/usr/bin/zcat" (and such), and then hope, in 9.4, to tease this out to be a non-superuser-capable facility via the above pg_filters? These filters should be useful for FDWs as well as for COPY. -- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?" -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers