[Please don't top-post. Rearranged for clarity.]
Steve White <swhite@aip.de> wrote:
> On 1.02.11, Tom Lane wrote:
>> Steve White <swhite@aip.de> writes:
>>> It would be really nice to have a way to load script (especially
>>> Python and Perl) from a separate file into a function body.
>>
>> This seems like a security hole, ie, you could use it to read any
>> file the backend has access to.
> Isn't the \i command a similar security hole?
That is run by a client program on a client machine. If that is
what you had in mind, a modification to the CREATE FUNCTION syntax
is probably not the way to go. Just to throw a hypothetical out
there, were you looking to effectively do a \i inside the string
literal which is the function body, picking up a *client-side* file?
That has its own problems, of course, but I'm just trying to get us
onto the same page.
-Kevin