From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | elein(at)varlena(dot)com |
Cc: | Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: PlPython |
Date: | 2003-06-28 03:29:43 |
Message-ID: | 15303.1056770983@sss.pgh.pa.us |
Lists: | pgsql-general pgsql-hackers |

elein <elein(at)varlena(dot)com> writes:

> Perhaps this should be asked on the interfaces list, but...
> Exactly what functions are prohibited (or acceptable)
> for a pl language in PostgreSQL to become trusted?
> Is the exact criteria list documented somewhere?

We don't have a formal definition, but I'd say a minimum requirement
is that a function written in a trusted PL language cannot cause any
outside-the-database actions to be attempted by the backend (such as
trying to read or write any files in the server's filesystem). A
trusted-PL language should be able to define arbitrary self-contained
computations (arithmetic, pattern-matching, or what have you), and it
should be able to access the database at the same level as regular
SQL commands. It should not be able to bypass the SQL abstractions nor
execute any OS-level operations using the postgres user's privileges.

> Since C is wide open, why is it considered trusted,
> or is it?

It isn't.

regards, tom lane
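
The trusted/untrusted distinction described in the message above is recorded in the system catalogs, so it can be audited. The following is an added example, not part of the original message: it assumes a PostgreSQL release whose `pg_language` catalog has the `lanpltrusted` column and whose `pg_proc` catalog has `prosecdef`, and the result column aliases are chosen here for readability.

```sql
-- Added audit example (not from the original e-mail).

-- 1. Which installed languages are marked trusted?
--    C and internal show lanpltrusted = false; sql shows true.
SELECT l.lanname,
       l.lanispl      AS is_procedural_language,
       l.lanpltrusted AS is_trusted
FROM pg_language AS l
ORDER BY l.lanpltrusted, l.lanname;

-- 2. Which user-defined functions are written in a language that is
--    NOT trusted? These can run with the OS privileges of the postgres
--    user, so each one deserves review. SECURITY DEFINER functions are
--    listed first because they run with the owner's database rights.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       l.lanname                   AS language_name,
       pg_get_userbyid(p.proowner) AS owner_name,
       p.prosecdef                 AS security_definer
FROM pg_proc AS p
JOIN pg_language  AS l ON l.oid = p.prolang
JOIN pg_namespace AS n ON n.oid = p.pronamespace
WHERE NOT l.lanpltrusted
  AND l.lanname <> 'internal'      -- built-in functions, not user code
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY p.prosecdef DESC, l.lanname, n.nspname, p.proname;
```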