Home > mailing lists

Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH] - Mailing list pgsql-hackers

From	David E. Wheeler
Subject	Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]
Date	February 3, 2010 18:17:00
Msg-id	3CCBD590-1927-4F1E-960C-4CB0E9F53E15@kineticode.com Whole thread Raw
In response to	Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH] (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On Feb 3, 2010, at 11:04 AM, Tom Lane wrote:

> What I was actually wondering about, however, is the extent to which
> the semantics of Perl code could be changed from an on_init hook ---
> is there any equivalent of changing search_path or otherwise creating
> trojan-horse code that might be executed unexpectedly?

Yes.

> And if so is
> there any point in trying to guard against it?

No. This is Perl we're talking about. The DBA should vet code before putting it into on_perl_init.

> AIUI there isn't
> anything that can be done in on_init that couldn't be done in somebody
> else's function anyhow.

Correct.

Best,

David

pgsql-hackers by date:

From: Joshua Tolley
Date: 03 February 2010, 18:15:47
Subject: Making pg_config and pg_controldata output available via SQL

From: Robert Haas
Date: 03 February 2010, 18:17:23
Subject: Re: PG 9.0 and standard_conforming_strings

Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH] - Mailing list pgsql-hackers

Previous

Next