Re: Trusted versus untrusted Pl language

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: steve(dot)pousty(at)gmail(dot)com, pgsql-docs(at)lists(dot)postgresql(dot)org
Subject: Re: Trusted versus untrusted Pl language
Date: 2020-12-23 22:41:40
Message-ID: 20201223224140.GA13055@momjian.us
Lists: pgsql-docs

On Wed, Dec 23, 2020 at 08:24:13PM +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/13/plpython.html
> Description:
>
> Hey all:
> This page & the PL/PERL page are the closest I have seen in the docs about
> trusted versus untrusted languages.
>
> It would be great if we could add a subtopic and 1 or 2 paragraphs on this
> page https://www.postgresql.org/docs/current/xplang.html

Uh, what about this?

https://www.postgresql.org/docs/13/xplang-install.html

> Possibly outline:
> A) Explain to users what trusted versus untrusted means in terms of language
> extensions.
> 1) Differentiate that from non-risky versus risky
> 2) Explain why, by default, functions written in untrusted languages
> need to be added by superuser.
> B) It would be great to give an example workflow of working with untrusted
> languages
> 1) Developer uses superuser on their own machine or makes the language
> trusted
> 2) Send function to the DBA
> 3) Function goes through security review and testing
> 4) If it passes then the DBA installs in a production DB
> C) An example on how to make a language trusted in a db.

Does that URL need more detail?

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com

The usefulness of a cup is in its emptiness, Bruce Lee
