Re: pg_execute_from_file, patch v10
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Itagaki Takahiro <itagaki.takahiro@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Dimitri Fontaine <dimitri@2ndquadrant.fr>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2010-12-14T03:47:45Z
Lists: pgsql-hackers
Itagaki Takahiro <itagaki.takahiro@gmail.com> writes: > On Tue, Dec 14, 2010 at 12:02, Robert Haas <robertmhaas@gmail.com> wrote: >> As Tom says, this is clearly not going to fly on security grounds. > If it's a security hole, lo_import() should be also a hole > because we can use lo_import() and SELECT * FROM pg_largeobject > for the same purpose... lo_import is superuser-only. If we design this feature so that it will forever have to be superuser-only, to get a behavior that I think we don't even *want*, I believe we're making a serious error. regards, tom lane