Or more specifically, what are the security implications of a trigger written in an untrusted language - PL/PerlU?
With a standard stored procedure, you have the possibility of an SQL-injection attack. Is this possible with a trigger function, if it is defined as a trigger?
I am writing a couple of Perl modules that talk to the outside world: one talks to a database (via DBI), and one talks to a Jabber/XMPP server. I want to use these from within a Trigger. Do I have to taint-check the input provided by the trigger mechanism - or does PG do this?
Thanks,
-Josh