Bernard wrote:
> 2) Split up security risk calculations between the two directions "TO"
> and "FROM" and relax security. Look at MySQL for clues. The
> application developer can manage security on file system permission
> level.
I looked at MySQL's docs briefly and its behaviour seems almost the same
as PostgreSQL's with some minor differences:
- the equivalent to COPY is "LOAD DATA INFILE"
- the equivalent to FROM STDIN is "LOCAL"
- for non-LOCAL loads, the DB user must have FILE privilege which is
"file access on server host".
Given FILE privilege in MySQL, you can read existing files and create
new files based on the access the server user has.
It sounds like what you really want is the ability to grant something
like FILE access without granting all superuser rights? Sounds like a
feature request, not a bug, to me :-)
Also, you better hope that there's no sensitive information readable by
the server user that could be used to gain superuser access.. such as
.pgpass files or info from pg_hba.conf, for example.
-O