Thanks for the answer guys. I should have mentionned that I had read the doc, and was looking for non explicit knowledge, like : - what is the reputation of plpython for a dba? - are there actual production system that use it - what would be the recommended usage perimeter ? (only administration script like function, advanced processing, etc ...)
Cheers, Rémi-C 2016-03-03 20:55 GMT+01:00 David G. Johnston <david.g.johns...@gmail.com>: > On Thu, Mar 3, 2016 at 12:35 PM, Adrian Klaver <adrian.kla...@aklaver.com> > wrote: > >> On 03/03/2016 10:09 AM, Rémi Cura wrote: >> >>> Hey List, >>> >>> would it be considered safe to use plpythonu for a production database? >>> What would be the limitations/ dangers? >>> >> >> They are explained here: >> >> http://www.postgresql.org/docs/9.5/interactive/plpython.html >> >> "PL/Python is only available as an "untrusted" language, meaning it does >> not offer any way of restricting what users can do in it and is therefore >> named plpythonu. A trusted variant plpython might become available in the >> future if a secure execution mechanism is developed in Python. The writer >> of a function in untrusted PL/Python must take care that the function >> cannot be used to do anything unwanted, since it will be able to do >> anything that could be done by a user logged in as the database >> administrator. Only superusers can create functions in untrusted languages >> such as plpythonu." >> > > See also: > > http://www.postgresql.org/docs/9.5/interactive/sql-grant.html > > GRANT { USAGE | ALL [ PRIVILEGES ] } > ON LANGUAGE lang_name [, ...] > TO role_specification [, ...] [ WITH GRANT OPTION ] > > and > > GRANT { EXECUTE | ALL [ PRIVILEGES ] } > ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [, > ...] ] ) [, ...] > | ALL FUNCTIONS IN SCHEMA schema_name [, ...] } > TO role_specification [, ...] [ WITH GRANT OPTION ] > > David J. > >
