Tom Lane wrote:
> Stephan Szabo <[EMAIL PROTECTED]> writes:
> > On Fri, 23 Jul 2004, Andreas Pflug wrote:
> >> What I'd like is
> >>
> >> SELECT pg_file_unlink('postgresql.conf.bak');
> >> SELECT pg_file_write('postgresql.conf.tmp', 'listen_addresses=...');
> >> SELECT pg_file_rename('postgresql.conf.tmp', 'postgresql.conf',
> >> 'postgresql.conf.bak');
> >> SELECT pg_reload_conf();
> >
> > I personally don't think the above is the correct approach to allowing
> > configuration editing from remote.
>
> I'm pretty much against allowing configuration editing from remote
> altogether. It would raise the stakes tremendously in terms of what
> an attacker can do once they've acquired a connection with superuser
> rights. Remember that the above could be applied to pg_hba.conf,
> pg_ident.conf, etc just as well as postgresql.conf. Not to mention
> $HOME/.profile and other things the postgres user may own.

Why can't they just use COPY to replace the contents of pg_hba.conf now?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                    |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073