| From: | Steve White <swhite(at)aip(dot)de> |
|---|---|
| To: | Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: Feature request: include script file into function body |
| Date: | 2011-02-01 18:50:04 |
| Message-ID: | 20110201185004.GA7511@cashmere.aip.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi again, all,
OK I think I now know what the misunderstanding is.
> [Please don't top-post. Rearranged for clarity.]
>
> Steve White <swhite(at)aip(dot)de> wrote:
> > On 1.02.11, Tom Lane wrote:
> >> Steve White <swhite(at)aip(dot)de> writes:
> >>> It would be really nice to have a way to load script (especially
> >>> Python and Perl) from a separate file into a function body.
> >>
> >> This seems like a security hole, ie, you could use it to read any
> >> file the backend has access to.
>
> > Isn't the \i command a similar security hole?
>
> That is run by a client program on a client machine. If that is
> what you had in mind, a modification to the CREATE FUNCTION syntax
> is probably not the way to go. Just to throw a hypothetical out
> there, were you looking to effectively do a \i inside the string
> literal which is the function body, picking up a *client-side* file?
>
> That has its own problems, of course, but I'm just trying to get us
> onto the same page.
>
> -Kevin
>
I guess the "FROM filename" syntax wasn't a great choice, as it suggests
something completely different from what I was otherwise describing.
(In my own defense: I repeatedly qualified the syntax as a suggestion.)
I *DO NOT MEAN* that a query should run about grabbing files off the
server, or wherever.
I meant something like the replacement that happens with the \i command
in loading SQL, and under similar circumstances, except that somehow
non-SQL code is loadad in a function body.
Again, this would greatly facilitate programming mixed-language
programming.
Thanks!
--
| - - - - - - - - - - - - - - - - - - - - - - - - -
| Steve White +49(331)7499-202
| E-Science Zi. 27 Villa Turbulenz
| - - - - - - - - - - - - - - - - - - - - - - - - -
| Astrophysikalisches Institut Potsdam (AIP)
| An der Sternwarte 16, D-14482 Potsdam
|
| Vorstand: Prof. Dr. Matthias Steinmetz, Peter A. Stolz
|
| Stiftung privaten Rechts, Stiftungsverzeichnis Brandenburg: III/7-71-026
| - - - - - - - - - - - - - - - - - - - - - - - - -
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2011-02-01 18:53:19 | Re: Feature request: include script file into function body |
| Previous Message | Tom Lane | 2011-02-01 18:22:43 | Re: BUG #5859: XML result in line and column |