| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-09 03:57:17 |
| Message-ID: | 20070709035717.GS4887@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
* Joe Conway (mail(at)joeconway(dot)com) wrote:
> Consider a scenario like "package <x> uses <arbitrary function y in an
> untrusted language z>". Exact same concerns arise.
No, it doesn't... Said arbitrary function in y, in untrusted language
z, could be perfectly safe for users to call. Being written in an
untrusted language has got next to nothing to do with the security
implications of a particular function. It depends entirely on what the
function is *doing*, not what language it's written in.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gregory Stark | 2007-07-09 04:01:27 | Re: dblink connection security |
| Previous Message | Stephen Frost | 2007-07-09 03:55:28 | Re: dblink connection security |