From: | Steven Pousty <steve(dot)pousty(at)gmail(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Pg Docs <pgsql-docs(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Trusted versus untrusted Pl language |
Date: | 2020-12-24 21:35:07 |
Message-ID: | CAKmB1PGk4tqV9TRNN2fXtLc7uV7vRNdrpJZDDKwKzkuaEsupGw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs |
Ok David but that is not what I have heard from a lot of other people in
the PostgreSQL community.
On Thu, Dec 24, 2020 at 1:26 PM David G. Johnston <
david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> On Thu, Dec 24, 2020 at 1:01 PM Steven Pousty <steve(dot)pousty(at)gmail(dot)com>
> wrote:
>
>> The SQL I am talking about is this:
>> UPDATE pg_language SET lanpltrusted = true WHERE lanname LIKE 'plr';
>>
>
> You seem to be missing the point. The language is either trusted, or it's
> not. Modifying the catalogs is not part of a "good flow", ever. In short,
> "don't use trusted languages ever". If a specific requirement can only be
> implemented using a trusted language maybe there is a reason to use it - in
> development and production (if your DBA will let you) - but more likely you
> are better off writing an out-of-database client application and doing the
> "trusted" stuff there.
>
> David J.
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2020-12-24 21:48:49 | Re: Trusted versus untrusted Pl language |
Previous Message | David G. Johnston | 2020-12-24 21:26:39 | Re: Trusted versus untrusted Pl language |