On Tue, Jul 26, 2016 at 9:52 AM, Dev Kumkar <devdas.kum...@gmail.com> wrote:
> On Tue, Jul 26, 2016 at 6:59 PM, David G. Johnston < > david.g.johns...@gmail.com> wrote: > >> Typically this means that given user only having psql, or some other >> backend protocol only, connect to the database are they able to execute >> arbitrary commands as the user running the PostgreSQL process on the host >> system. >> >> Untrusted langauges are untrusted for specifically this reason. Without >> untrusted languages it requires privilege escalation to interact >> dynamically with the host operating system. >> >> Assuming raised privileges it is presently impossible to prevent such >> dynamic interaction. >> > > Just thinking if untrusted language like plperlu is not installed then > executing arbitrary commands is not possible. > So the other possible which you did mention was COPY FROM PROGRAM command, > is this understanding correct? > > Regards... > >COPY FROM PROGRAM I think at this point it would be most beneficial if 1. You stated your version of PostgreSQL & O/S 2. Gave a comprehensive explanation of exactly what you are trying to do. IOW, What exactly are you trying to prevent users from doing and why? -- *Melvin Davidson* I reserve the right to fantasize. Whether or not you wish to share my fantasy is entirely up to you.
