Magnus Hagander wrote:
>
>Instead of trying to pick on one feature, how about trying something
>constructive instead? Let's say we add a GUC like "restrict_superuser",
>that disables COPY to local files, untrusted procedural languages (both
>creation and using the ones that already exist), the new access
>functions, the LOAD command etc. Then the admin can chose what to do
>about superuser access levels - the requirement may dependon SELinux for
>example.
>
>
I could go for this.
Creating a setting that disallowed creation/calling of plperlu
functions would be fairly trivial.
I still think, security considerations aside, that an API for config
settings would be a much better piece of design than providing file
system access functions.
cheers
andrew
