Re: Specification for Trusted PLs?

On Thu, May 27, 2010 at 11:23:44AM -0400, Bruce Momjian wrote:
> Tom Lane wrote:
> > Joshua Tolley <eggyknap(at)gmail(dot)com> writes:
> > > Agreed. As long as a trusted language can do things outside the
> > > database only by going through a database and calling some
> > > function to which the user has rights, in an untrusted language,
> > > that seems decent to me. A user with permissions to
> > > launch_missiles() would have a function in an untrusted language
> > > to do it, but there's no reason an untrusted language shouldn't
> > > be able to say "SELECT
> >
> > s/untrusted/trusted/ here, right?
>
> One thing that has always bugged me is that the use of
> "trusted/untrusted" for languages is confusing, because it is
> "trusted" users who can run untrusted languages. I think "trust" is
> more associated with users than with software features. I have no
> idea how this confusion could be clarified.

Sadly, I don't think it could short of a time machine. We're stuck
with an backward convention. :(

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate