Tom Lane wrote: > Bruce Momjian <[EMAIL PROTECTED]> writes: > > Tom Lane wrote: > >> I'm pretty much against allowing configuration editing from remote > >> altogether. > > > Why can't they just use COPY to replace the contents of pg_hba.conf now? > > If you've write-protected it, that doesn't work. > > Also, COPY insists on an absolute path, and if the attacker doesn't know > the value of $PGDATA or $HOME then he'll have some difficulty doing > anything much with it. I thought that the handy default of $PGDATA in > the proposed functions was pretty unwise all by itself --- if they don't > require absolute paths then that's still another new door we'll be opening.
I think he wanted $PGDATA default so a remote user could find the log location without a problem. I would prefer to see something specific in the file name passed to identify PGDATA, but I don't have a problem with the substitution. Thinking we have security because they can't guess pgdata seems like security through obscurity to me. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
