| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | "Steve White" <swhite(at)aip(dot)de>,"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: Feature request: include script file into function body |
| Date: | 2011-02-01 17:14:26 |
| Message-ID: | 4D47EB12020000250003A0EE@gw.wicourts.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
[Please don't top-post. Rearranged for clarity.]
Steve White <swhite(at)aip(dot)de> wrote:
> On 1.02.11, Tom Lane wrote:
>> Steve White <swhite(at)aip(dot)de> writes:
>>> It would be really nice to have a way to load script (especially
>>> Python and Perl) from a separate file into a function body.
>>
>> This seems like a security hole, ie, you could use it to read any
>> file the backend has access to.
> Isn't the \i command a similar security hole?
That is run by a client program on a client machine. If that is
what you had in mind, a modification to the CREATE FUNCTION syntax
is probably not the way to go. Just to throw a hypothetical out
there, were you looking to effectively do a \i inside the string
literal which is the function body, picking up a *client-side* file?
That has its own problems, of course, but I'm just trying to get us
onto the same page.
-Kevin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve White | 2011-02-01 17:31:31 | Re: Feature request: include script file into function body |
| Previous Message | Pavel Stehule | 2011-02-01 17:00:13 | Re: Feature request: include script file into function body |