Re: Creating functions and triggers - Mailing list pgsql-general
| From | Network Administrator |
|---|---|
| Subject | Re: Creating functions and triggers |
| Date | |
| Msg-id | 1052834796.3ec0fbec17224@webmail.vcsn.com Whole thread Raw |
| In response to | Re: Creating functions and triggers (Dennis Gearon <gearond@cvc.net>) |
| Responses |
Re: Creating functions and triggers
|
| List | pgsql-general |
I had a thought/question 'bout this since I was reading some stuff on triggers- especially PL/Perl (sec. 21.4 in the 7.3 Programmer Docs). Isn't the simple answer to this based on the fact that a PL installed as "trusted" will not allow you to execute things that violate localization? Furthermore, if a language is installed as "untrusted", doesn't it prevent non-admin users from using it? Or is this only for PL/Perl? -- Keith C. Perry Director of Networks & Applications VCSN, Inc. http://vcsn.com Quoting Dennis Gearon <gearond@cvc.net>: > Whatever program or client which is supplying query could just as easily run > shell scripts. And for people who follow behind you in this design, it will > be much less confusing and a more common side effect of the script language > to execute a shell script, than for a database to execute a shell script. > > What does an AFTER trigger have to do with a shell script anyway? > > There's a software term called 'localization', unrelated to character sets, > which means that code running in one place of a program or a suite of program > in an application, should only have 'local effect'. Any other changes to take > place because of one action in one part of a program, should be passed to the > code nearest the target of changes. > > It's like talking to the payroll clerk about the lousy accounting practices > by the accounting dept. You don't expect the payroll clerk to be married or > sleeping with the accountant dept head and your comments to immediately have > effects in the accounting dept, (gossip notwithstanding). > > scott.marlowe wrote: > > Bzzzzzzzzt. WRONG. But thanks for playing. > > > > Generally speaking, createing triggers and functions to go with > > them is a safer way of setting up access to your data than allowing Joe Q > > Programmer full update/insert/delete access. > > > > Paul, Bruce Momjian's postgresql book has a nice little section on writing > > > triggers / functions in plpgsql and a few other languages, and there are > > some examples throughout the docs that show you how to, although they > > aren't all collected in one place (one example might be in the trigger > > section, the next in the plpgsql section.) > > > > So, Dennis, how do I write a PHP script that does the equivalent of firing > > > an after trigger? > > > > On Wed, 7 May 2003, Dennis Gearon wrote: > > > > > >>HOLY S**T! > >> > >><rant> > >>You are basically setting yourself up for a MICROSOFT sized security > >>hole. Can you say, "Seeqwell Server?" > >> > >>You'd be MUCH better off using a PHP, PERL, ASP, JAVA, COLD FUSION, etc. > >>script for doing that. THOSE places are the focus for much work in > >>preventing the misuse of system resources from an end user perspective. > >> > >>DATABASES are for holding data, and their relationships. > >> > >></rant> > >> > >>"Fontenot, Paul" wrote: > >> > >>>Is there a good, hold your hand type of tutorial or howto on creating > >>>functions and triggers and using them together? I'm learning PostgreSQL > >>>after spending years with MySQL and the information at > >>>techdocs.postgresql.org - while good, is a little deep for me right now. > >>>Specificly I would like to be able to read something that will tell me > >>>how to create a function that will can run a shell script when certain > >>>words are entered into a record. Thanks for your time and guidance. > >>> > >>> ***PRIVILEGED & CONFIDENTIAL*** > >>>Unless expressly stated otherwise, this message (and any attachment(s) > >>>thereto) is confidential and may be privileged. It is intended for the > >>>addressee(s) only. If you are not an addressee, any disclosure or > >>>copying of the contents of this e-mail or any action taken (or not > >>>taken) in reliance on it is strictly prohibited. If you are not an > >>>addressee, please inform sender immediately and delete this message from > >>>your system. > >>> > >>>---------------------------(end of broadcast)--------------------------- > >>>TIP 5: Have you checked our extensive FAQ? > >>> > >>>http://www.postgresql.org/docs/faqs/FAQ.html > >> > >> > >>---------------------------(end of broadcast)--------------------------- > >>TIP 2: you can get off all lists at once with the unregister command > >> (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > >> > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > ____________________________________ This email account is being host by: VCSN, Inc : http://vcsn.com
pgsql-general by date: