| From: | Tino Wildenhain <tino(at)wildenhain(dot)de> |
|---|---|
| To: | dipti shah <shahdipti1980(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org, pgsql-novice <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: What is unsecure postgres languages? How to disable them? |
| Date: | 2010-02-22 11:38:38 |
| Message-ID: | 4B826CBE.1090706@wildenhain.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-novice |
Hi,
Am 22.02.2010 11:56, schrieb dipti shah:
> Hi,
> Could anyone please tell me what is unsecure postgres languages(like C,
> pgperl, pgpython??). How to disable them or restrict them only for super
> user?
They are already restricted for the super user because of their
"insecure" nature. That means those languages allow you full access
to the system (and even some innards of postgresql) with the rights
of the postgresql process. You can remove the language handlers:
http://www.postgresql.org/docs/8.1/static/app-droplang.html
If you wish. Apart from that there is no more risk attached to them
unless you are super user or write insecure functions with them
then say with the copy command.
Regards
Tino Wildenhain
| From | Date | Subject | |
|---|---|---|---|
| Next Message | beulah prasanthi | 2010-02-22 11:46:30 | TypeCast: util.list to array type |
| Previous Message | beulah prasanthi | 2010-02-22 11:10:41 | helo |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | adam_pgsql | 2010-02-22 12:14:18 | Re: Changing databases / schemas |
| Previous Message | Machiel Richards | 2010-02-22 11:29:30 | Changing databases / schemas |