Bruce Momjian <[EMAIL PROTECTED]> writes: > Agreed it should be relative to the log directory, which may or not be > under PGDATA, and don't let them go up above it. Is there any downside > to allowing absolute reads as well because COPY can already read > absolute files.
Perhaps not from a security point of view, but I think it would be rather bizarre for a general-purpose pg_read_file() function to default to reading from the log directory. From the point of view of having a consistent API, it'd be better to call the functions something like pg_read_logdirectory() and pg_read_logfile() and restrict them to the log directory. If we later decide we want to add a general pg_read_file() operation, we won't have to contort its operation to preserve compatibility with the log-fetching case. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html