Обсуждение: Disable copy function
Hi Team
How do I disable copy option from database, i understand usually this option will be available only for super user, however we need to disable fully from DB.. please advice
On Thursday, November 29, 2018, prasanna rk <prasanna2mail@gmail.com> wrote:
Hi TeamHow do I disable copy option from database, i understand usually this option will be available only for super user, however we need to disable fully from DB.. please advice
Modify the source code and recompile your own custom version. Don’t forget to remove the select statement as well...
David J.
>>>>> "prasanna" == prasanna rk <prasanna2mail@gmail.com> writes: prasanna> Hi Team prasanna> How do I disable copy option from database, i understand prasanna> usually this option will be available only for super user, prasanna> however we need to disable fully from DB.. please advice Why? Notice that the superuser has other ways to read and write files (for example lo_import/lo_export, pg_read_file, using ALTER SYSTEM to change the log directory and filename, loading a module to call the OS, using file access functions in any untrusted language, etc. etc.) -- Andrew (irc:RhodiumToad)
On 11/30/2018 03:18 AM, Andrew Gierth wrote: >>>>>> "prasanna" == prasanna rk <prasanna2mail@gmail.com> writes: > prasanna> Hi Team > prasanna> How do I disable copy option from database, i understand > prasanna> usually this option will be available only for super user, > prasanna> however we need to disable fully from DB.. please advice > > Why? ISTM that a lot of people on this list have never worked in large companies run by unimaginative people who only know "Best Practice". This crazy question smells of that: OP has been tasked with blocking COPY or coming back with an authoritative document saying why it can't be done. > Notice that the superuser has other ways to read and write files (for > example lo_import/lo_export, pg_read_file, using ALTER SYSTEM to > change the log directory and filename, loading a module to call the OS, > using file access functions in any untrusted language, etc. etc.) -- Angular momentum makes the world go 'round.
On Fri, Nov 30, 2018 at 2:34 AM Ron <ronljohnsonjr@gmail.com> wrote: > > On 11/30/2018 03:18 AM, Andrew Gierth wrote: > >>>>>> "prasanna" == prasanna rk <prasanna2mail@gmail.com> writes: > > prasanna> Hi Team > > prasanna> How do I disable copy option from database, i understand > > prasanna> usually this option will be available only for super user, > > prasanna> however we need to disable fully from DB.. please advice > > > > Why? > > ISTM that a lot of people on this list have never worked in large companies > run by unimaginative people who only know "Best Practice". This crazy > question smells of that: OP has been tasked with blocking COPY or coming > back with an authoritative document saying why it can't be done. I'd probably be on board with a compile-time option to disable filesystem access by the postgres service from within the SQL interface...language-wise the server operator can already make them unavailable, if sand-boxing isn't an option. As for the whole not working in a large corporation - I'd rather not deal with that and revert to just answering the question that was put forth, with a nod toward the fact that indeed what is being asked is likely too narrow to be effective (beyond a checkbox on a piece of paper) even if accomplished. David J.