Index: doc/src/sgml/plperl.sgml
===================================================================
RCS file: /home/cvs/pgsql/pgsql/doc/src/sgml/plperl.sgml,v
retrieving revision 2.8
diff --unified -r2.8 plperl.sgml
--- doc/src/sgml/plperl.sgml 2001/05/12 22:51:35 2.8
+++ doc/src/sgml/plperl.sgml 2001/06/22 20:31:12
@@ -20,7 +20,8 @@
- The PL/Perl intepreter is a full Perl interpreter. However, certain
+ The PL/Perl interpreter (when installed as trusted interpreter with
+ default name 'plperl') intepreter is a full Perl interpreter. However, certain
operations have been disabled in order to maintain the security of
the system. In general, the operations that are restricted are
those that interact with the environment. This includes filehandle
@@ -28,6 +29,11 @@
(for external modules). It should be noted that this security is
not absolute. Indeed, several Denial-of-Service attacks are still
possible - memory exhaustion and endless loops are two examples.
+
+
+
+ When PL/Perl is installed as 'untrusted' interpreter (with name 'plperlu'),
+ everything is permitted, and any perl code can be loaded (by superuser only).
@@ -77,6 +83,11 @@
$ createlang plperl template1
+ Alternatively, to create untrusted interpreter (where functions can only
+be created by superuser, but the functions are not restricted), use:
+
+$ createlang plperlu template1
+
If it is installed into template1, all future databases will have
the language installed automatically.
@@ -157,6 +168,15 @@
' LANGUAGE 'plperl';
The creation of the function will succeed, but executing it will not.
+
+ Note that if same function was created by superuser using language
+ 'plperlu', execution would succeed.
+
+
+ Access to database itself from your perl function can be done via
+ an experimental module DBD::PgSPI, available at this site. This module makes available a DBI-compliant
+ database-handle named $pg_dbh, and you can use that to make queries with
+ normal DBI syntax.