Re: Possible major bug in PlPython (plus some other ideas)

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bradley McLean <brad(at)bradm(dot)net>, Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Possible major bug in PlPython (plus some other ideas)
Date: 2001-11-17 19:43:09
Message-ID: 200111171943.fAHJh9r10981@candle.pha.pa.us
Lists: pgsql-hackers


Has this all been addressed? Are there any TODO items here?

---------------------------------------------------------------------------

> Bradley McLean <brad(at)bradm(dot)net> writes:
> > (Everyone) Would a patch to add trusted language support be accepted
> > for 7.2, or is it too late?
>
> I think the code in there already is the trusted case, no? The addition
> would be an untrusted mode for plpython.
>
> trusted = language handler prevents security violations, so unprivileged
> users are allowed to define functions in the language (ie, we trust the
> language itself to prevent security breaches)
>
> untrusted = language allows user to access things outside database,
> so only Postgres superusers are allowed to define functions in the
> language (ie, we must trust the function author instead of the language)
>
> In any case, a second security level in plpython would clearly be a new
> feature, and so I'd say it's too late to consider it for 7.2. All that
> we want to do at this point is verify Kevin's proposed patch for the
> existing security level. But certainly a "plpythonu" addition would
> be welcome for 7.3.
>
> regards, tom lane

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
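
An added example, not part of the original message or of the PostgreSQL project's code: catalog queries a DBA can run to audit the trusted/untrusted split described in the quoted text. It assumes a current PostgreSQL release (the `pg_language`, `pg_proc`, `pg_namespace` and `pg_roles` catalogs and `has_language_privilege()`); the catalogs of the release discussed in this thread may differ.

```sql
-- Added example; assumes a current PostgreSQL release.

-- 1. Installed procedural languages and whether each is marked trusted.
--    lanpltrusted = false means only superusers may define functions in it.
SELECT l.lanname,
       l.lanpltrusted AS trusted,
       r.rolname      AS owner,
       l.lanacl       AS acl          -- NULL means default privileges
FROM pg_language l
JOIN pg_roles r ON r.oid = l.lanowner
WHERE l.lanispl
ORDER BY l.lanpltrusted, l.lanname;

-- 2. Functions written in an untrusted language. Rows where
--    owner_is_superuser is false deserve review: the function was created
--    by a superuser, but ownership or the owner's role attributes changed.
SELECT n.nspname  AS schema,
       p.proname  AS function,
       l.lanname  AS language,
       r.rolname  AS owner,
       r.rolsuper AS owner_is_superuser,
       p.prosecdef AS security_definer
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE l.lanispl
  AND NOT l.lanpltrusted
ORDER BY r.rolsuper, n.nspname, p.proname;

-- 3. Non-superuser login roles that hold USAGE on a trusted language.
--    These roles rely on the language handler itself to prevent security
--    violations (they also need CREATE on a schema to define a function).
SELECT l.lanname, r.rolname
FROM pg_language l
CROSS JOIN pg_roles r
WHERE l.lanispl
  AND l.lanpltrusted
  AND r.rolcanlogin
  AND NOT r.rolsuper
  AND has_language_privilege(r.oid, l.oid, 'USAGE')
ORDER BY l.lanname, r.rolname;
```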
