Re: Interpretation of TRUSTED

From: elein(at)varlena(dot)com (elein)
To: Thomas Hallgren <thhal(at)mailblocks(dot)com>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Interpretation of TRUSTED
Date: 2005-02-08 22:51:10
Message-ID: 20050208225110.GC12038@varlena.com
Lists: pgsql-hackers

An untrusted language is so because of what it can do and cannot do.
An untrusted language cannot access the filesystem, for example.

WHO writes and runs untrusted and trusted procedures is a different
thing. It is the security mechanism meant to restrict writing
and running the functions written in a trusted/untrusted language.

--elein

On Tue, Feb 08, 2005 at 11:12:07PM +0100, Thomas Hallgren wrote:
> Hi,
> A TRUSTED language specifies that ordinary users can use the language.
> It also implies that access to the file system should be prevented. In
> essence, ordinary users can never access the filesystem.
>
> Is it OK to design a trusted language so that it allows access to the
> filesystem provided that the session user is a super-user?
>
> Regards,
> Thomas Hallgren
