I am working with the pgAdmin git source and I am having trouble
understanding the adminpack functions being used.
In the file pgadmin/frm/frmHbaConfig.cpp, the pg_hba.conf edit form
constructor appears to get the absolute path to the configuration file
and stores this value in "serverFileName" ("SHOW hba_file"). The value
is then used to few lines down in a call to "SELECT pg_file_read(...)".
Net Search suggests that pg_file_read can be used to access files in the
pg data/log directories only. Experimenting on my localhost, any attempt
to use a "../" or and absolute path results in an error.
What I'm having a problem understanding is how the pg_file_read function
can work in this context. I can access files in the data directory
nicely, but emulating the queries being used in the pgAdmin code will
not work. What magic was built into the code to get around the absolute
path security?
Regards,
Scott
--
Sent via pgadmin-support mailing list (pgadmin-support@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-support
