Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: pg_read_file() and non-ascii input file
- From: Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>
- To: pgsql-hackers(at)postgresql(dot)org
- Subject: Re: pg_read_file() and non-ascii input file
- Date: Mon, 30 Nov 2009 18:36:05 +0900
- Message-id: <20091130183605.64E5.52131E4D@oss.ntt.co.jp> <text/plain>
Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> wrote:
> pg_read_file() takes byte-offset and length as arguments,
> but we don't check the result text with pg_verify_mbstr().
> Should pg_read_file() return bytea instead of text or adding
> some codes to verify the input? Only superusers are allowed
> to use the function, but it is still dangerous.
Here is a patch to modify the result type of pg_read_file to bytea.
I think it is a possibly-security hole -- it might be safe because only
supersusers can use the function, but it is still dangerous.
We can still use the function to read a text file:
SELECT convert_from(pg_read_file(...), 'encoding')
If we want to keep backward compatibility, the issue can be fixed
by adding pg_verifymbstr() to the function. We can also have the
binary version in another name, like pg_read_binary_file().
Which solution is better? Comments welcome.
Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center
Attachment:
pg_read_file_as_bytea.patch
Description: Binary data
- Prev by Date: Re: draft RFC: concept for partial, wal-based replication
- Next by Date: Re: draft RFC: concept for partial, wal-based replication
- Previous by thread: is isolation level 'Serializable' in pg not same as 'serializable' in SQL-92?
- Next by thread: Feature request: permissions change history for auditing
- Indexes: