Home > mailing lists

Re: Feature request: include script file into function body - Mailing list pgsql-bugs

From	Kevin Grittner
Subject	Re: Feature request: include script file into function body
Date	February 1, 2011 16:14:42
Msg-id	4D47EB12020000250003A0EE@gw.wicourts.gov Whole thread Raw
In response to	Re: Feature request: include script file into function body (Steve White <swhite@aip.de>)
Responses	Re: Feature request: include script file into function body (Steve White <swhite@aip.de>) Re: Feature request: include script file into function body (Steve White <swhite@aip.de>)
List	pgsql-bugs

Tree view

[Please don't top-post.  Rearranged for clarity.]

Steve White <swhite@aip.de> wrote:
> On  1.02.11, Tom Lane wrote:
>> Steve White <swhite@aip.de> writes:
>>> It would be really nice to have a way to load script (especially
>>> Python and Perl) from a separate file into a function body.
>>
>> This seems like a security hole, ie, you could use it to read any
>> file the backend has access to.

> Isn't the \i command a similar security hole?

That is run by a client program on a client machine.  If that is
what you had in mind, a modification to the CREATE FUNCTION syntax
is probably not the way to go.  Just to throw a hypothetical out
there, were you looking to effectively do a \i inside the string
literal which is the function body, picking up a *client-side* file?

That has its own problems, of course, but I'm just trying to get us
onto the same page.

-Kevin

pgsql-bugs by date:

From: Pavel Stehule
Date: 01 February 2011, 16:01:03
Subject: Re: Feature request: include script file into function body

From: Steve White
Date: 01 February 2011, 16:31:40
Subject: Re: Feature request: include script file into function body

Re: Feature request: include script file into function body - Mailing list pgsql-bugs

Previous

Next