Re: Attention PL authors: want to be listed in template table?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Thomas Hallgren <thhal(at)mailblocks(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Attention PL authors: want to be listed in template table?
Date: 2005-09-07 19:55:20
Message-ID: 29347.1126122920@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> The other problem I see emerging here is that in certain environments,
> the "java" language may not be trusted, such as when it is compiled
> with GCJ.

Hmm, is that really the case? I thought Java is Java.

> Then, this built-in template will override the CREATE
> LANGUAGE specification and introduce a security hole.

But it's exactly the same hole the user would create by manually saying
CREATE TRUSTED LANGUAGE in error. I don't think that's a reasonable
argument against the template idea --- it just says that you have to be
aware of what you're doing.

(An appropriate solution, in my mind, would be to drop the trusted call
handler from the shared library if it's built with gcj --- then there's
really no possibility of doing the wrong thing.)

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message mark 2005-09-07 20:10:17 Re: uuid type for postgres
Previous Message Jim C. Nasby 2005-09-07 19:46:24 Re: uuid type for postgres