From: | "Greg Sabino Mullane" <greg(at)turnstep(dot)com> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: Executing external program from stored procedure |
Date: | 2007-10-05 15:02:15 |
Message-ID: | 460ad9e285a27c57c790b0339b4e427a@biglumber.com |
Lists: | pgsql-admin |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

> PL/Perl runs in tainted mode, so it will prevent you from
> accessing any files (which means you can relatively safely
> give an access to it for ordinary users and not worry too much
> about them doing system("rm -rf .");

Two minor nits: it's not taint mode (that's something else entirely
in Perl). PL/Perl runs in "safe mode" via the Safe module:

http://search.cpan.org/~jhi/perl-5.8.0/ext/Opcode/Safe.pm

Also, allowing a bare system call is really the fault of the person
writing the function, and one should not rely upon trusted languages
to prevent that sort of thing. :)

> Other approach, I think a bit better, would be to devise a scheme like this:

The listen approach is a good one, I agree, especially if the actual call
takes a finite amount of time and is called from a trigger, as your insert
or update will have to wait for the external program to finish before
returning.

There are other untrusted languages (e.g. tcl) you could also try out,
but PL/Perl is probably the most functional and best supported.

- --
Greg Sabino Mullane greg(at)turnstep(dot)com
PGP Key: 0x14964AC8 200710051101
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----
iD8DBQFHBlHIvJuQZxSWSsgRA2ysAJ9STQNEHtCe0MvJ911QUrHkXJ+JswCgsE0o
qUcGE9gXUbClwx3KsLAjHNE=
=g3wJ
-----END PGP SIGNATURE-----
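
The following is an added example, not part of the original message and not PL/Perl's own code: it shows how the Safe module named above rejects operations through an opcode mask when the code is compiled, which is a different mechanism from taint mode's tracking of untrusted data. It assumes a stock `Safe->new` compartment with the default mask (PL/Perl's actual mask may differ), and the snippets and the `check` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# A compartment with Safe's default operator mask. This is an assumption
# for illustration; it is not the mask PL/Perl itself configures.
my $compartment = Safe->new;

# Constructed sample snippets: one harmless, three that need masked opcodes.
my @snippets = (
    [ 'arithmetic' => 'my $x = 6; $x * 7' ],
    [ 'system()'   => 'system("echo hello")' ],
    [ 'backticks'  => '`echo hello`' ],
    [ 'open()'     => 'open(my $fh, "<", "/etc/hostname")' ],
);

# Compile and run one snippet inside the compartment.
# Returns ("allowed", value) or ("blocked", reason).
sub check {
    my ($code) = @_;
    my $value = $compartment->reval($code);
    if ($@) {
        # Safe reports a masked opcode as "'<op>' trapped by operation mask".
        (my $reason = $@) =~ s/ at \(eval \d+\).*//s;
        return ('blocked', $reason);
    }
    return ('allowed', defined $value ? $value : 'undef');
}

for my $snippet (@snippets) {
    my ($label, $code) = @$snippet;
    my ($verdict, $detail) = check($code);
    printf "%-12s %-8s %s\n", $label, $verdict, $detail;
}
```

The masked snippets fail at compile time, so nothing in them executes; in an untrusted language there is no such mask, and a function that passes caller input to `system` is the author's responsibility, as the message says.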