| From: | elein(at)varlena(dot)com (elein) |
|---|---|
| To: | Thomas Hallgren <thhal(at)mailblocks(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Interpretation of TRUSTED |
| Date: | 2005-02-08 22:51:10 |
| Message-ID: | 20050208225110.GC12038@varlena.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
An untrusted language is so because of what it can do and cannot do.
An untrusted language cannot access the filesystem, for example.
WHO writes and runs untrusted and trusted procedures is a different
thing. It is the security mechanism meant to restrict writting
and running the functions written in a trusted/untrusted language.
--elein
On Tue, Feb 08, 2005 at 11:12:07PM +0100, Thomas Hallgren wrote:
> Hi,
> A TRUSTED language specifies that ordinary users can use the language.
> It also implies that access to the file system should be prevented. In
> essence, ordinary users can never access the filesystem.
>
> Is it OK to design a trusted language so that it allows access to the
> filesystem provided that the session user is a super-user?
>
> Regards,
> Thomas Hallgren
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Hallgren | 2005-02-08 22:58:46 | Re: Interpretation of TRUSTED |
| Previous Message | pgsql | 2005-02-08 22:43:30 | Re: Query optimizer 8.0.1 (and 8.0) |