Hi again,
Now that I know what got you all riled, I can propose something that
might be more satisfactory. See below.
On 1.02.11, Steve White wrote:
> Hi again, all,
>
> OK I think I now know what the misunderstanding is.
>
> > [Please don't top-post. Rearranged for clarity.]
> >
> > Steve White <swh...@aip.de> wrote:
> > > On 1.02.11, Tom Lane wrote:
> > >> Steve White <swh...@aip.de> writes:
> > >>> It would be really nice to have a way to load script (especially
> > >>> Python and Perl) from a separate file into a function body.
> > >>
> > >> This seems like a security hole, ie, you could use it to read any
> > >> file the backend has access to.
> >
> > > Isn't the \i command a similar security hole?
> >
> > That is run by a client program on a client machine. If that is
> > what you had in mind, a modification to the CREATE FUNCTION syntax
> > is probably not the way to go. Just to throw a hypothetical out
> > there, were you looking to effectively do a \i inside the string
> > literal which is the function body, picking up a *client-side* file?
> >
> > That has its own problems, of course, but I'm just trying to get us
> > onto the same page.
> >
> > -Kevin
> >
> I guess the "FROM filename" syntax wasn't a great choice, as it suggests
> something completely different from what I was otherwise describing.
> (In my own defense: I repeatedly qualified the syntax as a suggestion.)
>
> I *DO NOT MEAN* that a query should run about grabbing files off the
> server, or wherever.
>
> I meant something like the replacement that happens with the \i command
> in loading SQL, and under similar circumstances, except that somehow
> non-SQL code is loadad in a function body.
>
> Again, this would greatly facilitate programming mixed-language
> programming.
>
Try this instead:
================================================
CREATE OR REPLACE FUNCTION
myfunc( ... )
RETURNS VOID AS '#PGSQL_IMPORT filename' LANGUAGE PLPYTHONU;
================================================
This would work something like this:
The script interpeter would scan the body code for comments that
start exactly with PGSQL_IMPORT. Whereever they are found, it would
attempt to open and include the text (failing appropriately if the
file can't be read).
Of course, this is language-dependent, but for any given lanugage,
something like that will work.
What do you think?
--
| - - - - - - - - - - - - - - - - - - - - - - - - -
| Steve White +49(331)7499-202
| E-Science Zi. 27 Villa Turbulenz
| - - - - - - - - - - - - - - - - - - - - - - - - -
| Astrophysikalisches Institut Potsdam (AIP)
| An der Sternwarte 16, D-14482 Potsdam
|
| Vorstand: Prof. Dr. Matthias Steinmetz, Peter A. Stolz
|
| Stiftung privaten Rechts, Stiftungsverzeichnis Brandenburg: III/7-71-026
| - - - - - - - - - - - - - - - - - - - - - - - - -
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
