| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | oberpwd(at)anubis(dot)network(dot)com (Wade D(dot) Oberpriller) |
| Cc: | pgsql-general(at)postgresql(dot)org (general-help postgresql) |
| Subject: | Re: executing user-defined functions |
| Date: | 2000-10-05 06:20:56 |
| Message-ID: | 28052.970726856@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
oberpwd(at)anubis(dot)network(dot)com (Wade D. Oberpriller) writes:
> I was wondering if PostgreSQL protects itself when executing user-defined
> functions?
User-written functions coded in C are insecure by definition; it's up
to you to get them right. The other available programming languages
are considerably safer.
> We are building an app where we want 3rd parties to be able to give us their
> data, and give us functions to check their data. We will insert the data into
> our database and run their functions when needed. However we don't want their
> functions to take down our system.
Don't accept C functions then...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Uckun | 2000-10-05 06:24:41 | VIEW problem |
| Previous Message | Tom Lane | 2000-10-05 06:18:51 | Re: -F option, RAM usage, more... |