> > Because I wanted the standard platform behaviour of both. > For backend > > storage subsystem purposes, it's certainly necessary to emulate *ix > > behaviour of deleting a file in use, but for generic file > access IMHO > > the generic behaviour should be exposed. > > I'm going to repeat my firm opposition to this patch. Under > the innocuous-sounding banner of "server instrumentation", > you are once again trying to put in generic file access > capabilities that will allow remote Postgres superusers full > access to the server filesystem. > > The potential security risks of this are obvious to anyone. > The only justification that has been offered is "this will > make remote administration easier". Well, yeah, but it will > make remote breakins easier too. Valuing ease of use over > security is the philosophy that got Microsoft into the mess > they're in now --- do we want to follow that precedent?
How is this different from the fact that the superuser can already use COPY to accomplish the same thing? Sure, you have to go through a temporary table but if you're superuser that is not exactly a problem. You can read/write any file the service account has permissions on. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq