Postgres Pro
Downloads
Home   >   mailing lists

Re: PLPythonu for production server - Mailing list pgsql-general

From David G. Johnston
Subject Re: PLPythonu for production server
Date
Msg-id CAKFQuwYBzDOmw09fh4EAMSbT+w5=c3Mg1oKuxgMtxOJ7-t_yKg@mail.gmail.com
Whole thread Raw
In response to Re: PLPythonu for production server  (Adrian Klaver <adrian.klaver@aklaver.com>)
Responses Re: PLPythonu for production server  (Rémi Cura <remi.cura@gmail.com>)
List pgsql-general
Tree view
On Thu, Mar 3, 2016 at 12:35 PM, Adrian Klaver <adrian.klaver@aklaver.com> wrote:
On 03/03/2016 10:09 AM, Rémi Cura wrote:
Hey List,

would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?

 They are explained here:

http://www.postgresql.org/docs/9.5/interactive/plpython.html

"PL/Python is only available as an "untrusted" language, meaning it does not offer any way of restricting what users can do in it and is therefore named plpythonu. A trusted variant plpython might become available in the future if a secure execution mechanism is developed in Python. The writer of a function in untrusted PL/Python must take care that the function cannot be used to do anything unwanted, since it will be able to do anything that could be done by a user logged in as the database administrator. Only superusers can create functions in untrusted languages such as plpythonu."

​See also:


GRANT { USAGE | ALL [ PRIVILEGES ] }
    ON LANGUAGE lang_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

​and

​GRANT { EXECUTE | ALL [ PRIVILEGES ] }
    ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) [, ...]
         | ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

David J.

pgsql-general by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: PLPythonu for production server
Next
From: Michael Omotayo Akinde
Date:
Subject: Re: C function migration from 9.2 to 9.5