Tom Lane <[EMAIL PROTECTED]> writes: > elein <[EMAIL PROTECTED]> writes: > > Exactly what functions are prohibited (or acceptable) > > for a pl language in PostgreSQL to become trusted? > > Is the exact criteria list documented somewhere? > > We don't have a formal definition, but I'd say a minimum requirement > is that a function written in a trusted PL language cannot cause any > outside-the-database actions to be attempted by the backend (such as > trying to read or write any files in the server's filesystem). A > trusted-PL language should be able to define arbitrary self-contained > computations (arithmetic, pattern-matching, or what have you), and it > should be able to access the database at the same level as regular > SQL commands. It should not be able to bypass the SQL abstractions nor > execute any OS-level operations using the postgres user's privileges.
What about making network connections? That seems less harmful than filesystem access, and certainly could have legitimate uses. -Doug ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
