Closed wuputah closed 1 week ago
Another option would be to restrict it to certain directories?
Yeah, could certainly do that as a further enhancement. My thought was you either are cool with accessing the filesystem (for testing, running on localhost, etc), or you're not (hosted / production environment).
I have production uses for local data (not just dev/testing) & so would like this restricted to certain directories, instead of just on/off
/etc/passwd
is a world-readable CSV file 😅
Moved this to 0.1.0 milestone since this should be very easy to address in #217 by setting disabled_filesystems = 'LocalFilesystem'
ah, excellent!
Discussed this a long time ago... but currently we allow DuckDB to read from the local filesystem. This is a security risk; the CSV reader is particularly easy to use here since it will read just about any plain text file.
This should instead be controllable via a GUC, default disabled, that can only be enabled by superuser.