Bruce Momjian <[EMAIL PROTECTED]> writes:
> Agreed it should be relative to the log directory, which may or not be
> under PGDATA, and don't let them go up above it.  Is there any downside
> to allowing absolute reads as well because COPY can already read
> absolute files.

Perhaps not from a security point of view, but I think it would be
rather bizarre for a general-purpose pg_read_file() function to default
to reading from the log directory.  From the point of view of having
a consistent API, it'd be better to call the functions something like
pg_read_logdirectory() and pg_read_logfile() and restrict them to the
log directory.  If we later decide we want to add a general
pg_read_file() operation, we won't have to contort its operation to
preserve compatibility with the log-fetching case.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faqs/FAQ.html

Reply via email to