| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
| Cc: | "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Tomasz Olszak <tolszak(at)o2(dot)pl>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Problem with accesing Oracle from plperlu functionwhen using remote pg client. |
| Date: | 2009-03-17 00:50:36 |
| Message-ID: | 28027.1237251036@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> writes:
> Hmm, I wonder if you could do something malicious with it.
There are any number of scenarios where exposing the client command-line
contents to other database users represents a security hole, quite
independently of whether anything falls over depending on the line
contents. (I wonder whether there are any Oracle clients that accept
a password on the command line, for instance.)
The only reason this complaint is directed to us, and not Oracle,
is that the complainant knows how far he's likely to get complaining
to Oracle :-(
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-03-17 00:57:00 | Re: typmod is always -1 |
| Previous Message | Bruce Momjian | 2009-03-16 22:20:04 | Re: small but useful patches for text search |