On 05/19/2011 10:10 AM, Craig de Stigter wrote:
1. I'm assuming that the dump format can contain arbitrary sql commands,
so a pg_restore of this nature should be run under an untrusted account
in its own restricted schema. Can someone confirm that this is the case?
Correct. You very definitely
Hi list
We're writing a plugin for our website that loads single-table database
dumps created by untrusted users. My question is two-fold:
1. I'm assuming that the dump format can contain arbitrary sql commands, so
a pg_restore of this nature should be run under an untrusted account in its
own re