Thread: Don't allow relative path for copy from file
As described in the reference manual for COPY, we should to check file's path format not to allow relative path. Please find attached a patch. Thanks, Best regards, Etsuro Fujita
"Etsuro Fujita" <fujita.etsuro@lab.ntt.co.jp> writes:
> As described in the reference manual for COPY, we should to check file's path
> format not to allow relative path. Please find attached a patch.
The argument for disallowing writing to a relative path is to make it
harder to accidentally overwrite a database file. That argument does
not apply to COPY IN, so I'm not convinced we should impose an
additional restriction. It's not out of the question that this would
break real-world use-cases --- imagine someone whose workflow involves
copying data files across a network to a directory accessible to the
server (and quite possibly specified by a relative path) and then doing
COPY IN.
In any case, this patch is missing documentation updates, specifically
the paragraph in the COPY reference page that it falsifies.
regards, tom lane
> From: Tom Lane [mailto:tgl@sss.pgh.pa.us] > "Etsuro Fujita" <fujita.etsuro@lab.ntt.co.jp> writes: > > As described in the reference manual for COPY, we should to check file's path > > format not to allow relative path. Please find attached a patch. > > The argument for disallowing writing to a relative path is to make it > harder to accidentally overwrite a database file. That argument does > not apply to COPY IN, so I'm not convinced we should impose an > additional restriction. It's not out of the question that this would > break real-world use-cases --- imagine someone whose workflow involves > copying data files across a network to a directory accessible to the > server (and quite possibly specified by a relative path) and then doing > COPY IN. > > In any case, this patch is missing documentation updates, specifically > the paragraph in the COPY reference page that it falsifies. Agreed. I'd like to withdraw the patch sent in the earlier post, and propose to update the documentation in the COPY reference page. Please find attached a patch. Thanks, Best regards, Etsuro Fujita
On Thu, Aug 16, 2012 at 2:11 AM, Etsuro Fujita <fujita.etsuro@lab.ntt.co.jp> wrote: > Agreed. I'd like to withdraw the patch sent in the earlier post, and propose to > update the documentation in the COPY reference page. Please find attached a > patch. I think this is a good idea, but I didn't like the exact wording you chose, so I committed something a little different. Let me know whether it looks OK. Thanks, -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
> From: Robert Haas [mailto:robertmhaas@gmail.com] > On Thu, Aug 16, 2012 at 2:11 AM, Etsuro Fujita > <fujita.etsuro@lab.ntt.co.jp> wrote: > > Agreed. I'd like to withdraw the patch sent in the earlier post, and propose > to > > update the documentation in the COPY reference page. Please find attached > a > > patch. > > I think this is a good idea, but I didn't like the exact wording you > chose, so I committed something a little different. Let me know > whether it looks OK. It looks fine to me. Thanks! Best regards, Etsuro Fujita