[postgis-users] Why use C procedurals for Postgres
Mark Cave-Ayland
mark.cave-ayland at siriusit.co.uk
Fri Jan 21 06:23:30 PST 2011
On 21/01/11 13:44, Rudy COMMENGE wrote:
> Hello,
>
> I have installed Postgis with PostgreSQL.
> When I try to send postgis.sql to PostgreSQL, I have an error notifying
> C is not trusted.
> So I think I have found a solution : I disable the security with this
> request "UPDATE pg_language SET lanpltrusted=true WHERE lanname='c';"
>
> But this is a security, so is there another solution without disable ?
> If not, why Postgis need to bypass a PostgreSQL security ?
>
> Regards,
>
> RudyWI
Hi Rudy,
Only the PostgreSQL super-user can install C functions into the
database, and for good reason. A C function can execute any code in the
context of the database, and so your change above has opened up a big
security hole in your database - I strongly recommend you change it back.
Note that once you've installed PostGIS as the database super-user, you
can always use ALTER TABLE...OWNER... to change the ownership of your
tables back to your normal (non-super) user.
HTH,
Mark.
--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs
More information about the postgis-users
mailing list