Re: Attention PL authors: want to be listed in template table?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Thomas Hallgren <thhal(at)mailblocks(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Attention PL authors: want to be listed in template table?
Date: 2005-09-08 17:35:06
Message-ID: 11399.1126200906@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Thomas Hallgren wrote:
>> PL/Java is designed to run perfectly safe with a JVM that has the
>> correct features implemented. GCJ has serious issues with security
>> and I don't see that PL/Java, nor PostgreSQL should make any attempt
>> to fix them.

> Well, we had a similar discussion about the time when the Python
> security support was decreed nonexistent by its author. Clearly,
> people still use Python, and people still use PL/Python. It's really
> easy to spread a panic by claiming that GCJ has "no security". That's
> clearly wrong because GCJ can be used safely in many useful situations.

Actually, I've just been discussing this with Red Hat's gcj people in
connection with a different project. What they say is that the Java
security manager is completely implemented now, but what is still
missing is that it's possible to bypass Java security if you can execute
untrusted bytecode. So if I understand correctly, a gcj environment is
secure as long as you can prevent hacked-up class files from getting
into your classpath.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Simon Riggs 2005-09-08 17:36:25 Re: statement logging / extended query protocol issues
Previous Message Peter Eisentraut 2005-09-08 17:31:36 Re: initdb profiles