Hi Kevin,
On 1.02.11, Kevin Grittner wrote:
> [Please don't top-post. Rearranged for clarity.]
>
As you like.
> Steve White <swh...@aip.de> wrote:
> > On 1.02.11, Tom Lane wrote:
> >> Steve White <swh...@aip.de> writes:
> >>> It would be really nice to have a way to load script (especially
> >>> Python and Perl) from a separate file into a function body.
> >>
> >> This seems like a security hole, ie, you could use it to read any
> >> file the backend has access to.
>
> > Isn't the \i command a similar security hole?
>
> That is run by a client program on a client machine.
Sorry I don't understand this remark.
Are you saying that \i is disabled to user postgres?
Just tried: it isn't.
Are you saying that as a normal user I can use \i to load a file that I
don't normally have access to?
Just tried: nope -- permission denied.
What scenario do you have in mind?
> If that is what you had in mind, a modification to the CREATE FUNCTION syntax
> is probably not the way to go. Just to throw a hypothetical out
> there, were you looking to effectively do a \i inside the string
> literal which is the function body, picking up a *client-side* file?
>
> That has its own problems, of course,
If I understand what you're proposing: write a PostgreSQL function
with LANGUAGE PLPYTHONU, and inside the function body load the file
with \i. Is that it?
I already tried it, and it doesn't work for the obvious reason:
The function body is interpreted as being of the other language, in
which "\i" is a syntax error. Some other attempts are also mentioned
in the pgsql-general posting
http://archives.postgresql.org/pgsql-general/2011-01/msg00870.php
I'm not married to the syntax I suggested. The functionality I want is
to separate the function body code from the SQL code.
> ... but I'm just trying to get us onto the same page.
>
By all means.
It is clear we aren't on the same page: I'm not grasping the objections,
and you probably haven't been doing the coding that makes this mixing of
languages in one file such a nuisance.
Let's keep bashing it around.
--
| - - - - - - - - - - - - - - - - - - - - - - - - -
| Steve White +49(331)7499-202
| E-Science Zi. 27 Villa Turbulenz
| - - - - - - - - - - - - - - - - - - - - - - - - -
| Astrophysikalisches Institut Potsdam (AIP)
| An der Sternwarte 16, D-14482 Potsdam
|
| Vorstand: Prof. Dr. Matthias Steinmetz, Peter A. Stolz
|
| Stiftung privaten Rechts, Stiftungsverzeichnis Brandenburg: III/7-71-026
| - - - - - - - - - - - - - - - - - - - - - - - - -
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
