Peter Eisentraut <peter_e@gmx.net> writes:
> Thomas Hallgren wrote:
>> PL/Java is designed to run perfectly safe with a JVM that has the
>> correct features implemented. GCJ has serious issues with security
>> and I don't see that PL/Java, nor PostgreSQL should make any attempt
>> to fix them.
> Well, we had a similar discussion about the time when the Python
> security support was decreed nonexistent by its author. Clearly,
> people still use Python, and people still use PL/Python. It's really
> easy to spread a panic by claiming that GCJ has "no security". That's
> clearly wrong because GCJ can be used safely in many useful situations.
Actually, I've just been discussing this with Red Hat's gcj people in
connection with a different project. What they say is that the Java
security manager is completely implemented now, but what is still
missing is that it's possible to bypass Java security if you can execute
untrusted bytecode. So if I understand correctly, a gcj environment is
secure as long as you can prevent hacked-up class files from getting
into your classpath.
regards, tom lane
