Steve White wrote:
> Hi Kevin,
> 
> On  1.02.11, Kevin Grittner wrote:
> > [Please don't top-post.  Rearranged for clarity.]
> > 
> As you like.
> 
> > Steve White <swh...@aip.de> wrote: 
> > > On  1.02.11, Tom Lane wrote:
> > >> Steve White <swh...@aip.de> writes:
> > >>> It would be really nice to have a way to load script (especially
> > >>> Python and Perl) from a separate file into a function body.
> > >> 
> > >> This seems like a security hole, ie, you could use it to read any
> > >> file the backend has access to.
> >  
> > > Isn't the \i command a similar security hole?
> >  
> > That is run by a client program on a client machine. 
> 
> Sorry I don't understand this remark.
> 
> Are you saying that \i is disabled to user postgres?
>         Just tried: it isn't.
> Are you saying that as a normal user I can use \i to load a file that I
> don't normally have access to?
>         Just tried: nope -- permission denied.
> 
> What scenario do you have in mind?

\i is a psql client command, not something the backend runs.

-- 
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +

-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
