| From: | alex(at)pilosoft(dot)com |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: DBD::PgSPI 0.02 |
| Date: | 2004-12-06 22:21:52 |
| Message-ID: | Pine.LNX.4.44.0412061716480.10941-100000@bawx.pilosoft.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
On Mon, 6 Dec 2004, Tom Lane wrote:
> Sure. But you don't run your middleware as root (I hope ;-)) and you
> shouldn't run it in untrusted server-side languages either. I agree
Actually - I don't practically care, and in fact I'm doing things that are
unsafe...But, I agree, others may think differently ;)
> with Andrew that it's important to figure out how to make DBI usable
> in trusted plperl. Obviously this isn't happening in time for 8.0,
> but it deserves a place on the TODO list.
It's interesting but its probably a untrivial effort to make DBI itself
Safe-safe. Probably it would require starting with DBI::PurePerl (non-XS
version) and adding a mode that would disable all unSafe activity (such as
file operations etc etc)...
-alex
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jamie Deppeler | 2004-12-06 22:22:51 | Detecting Temporary Tables |
| Previous Message | Tom Lane | 2004-12-06 22:19:48 | Re: DBD::PgSPI 0.02 |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-12-06 22:27:32 | Re: somebody working on: Prevent default re-use of sysids for dropped users and groups? |
| Previous Message | Tom Lane | 2004-12-06 22:19:48 | Re: DBD::PgSPI 0.02 |