Tom Lane wrote:
>Peter Eisentraut <peter_e@gmx.net> writes:
>
>>The other problem I see emerging here is that in certain environments,
>>the "java" language may not be trusted, such as when it is compiled
>>with GCJ.
>>
Well, yes. But use the word environment in singular please :-) To my
knowledge the security is foolproof with all other VMs since they all
use the standard runtime libraries. The GCJ support is as experimental
as GCJ itself and cannot be trusted in production.
>
>Hmm, is that really the case? I thought Java is Java.
>
GCJ is a clean-room implementation of Java. They don't use the runtime
libraries from Sun and they are not really there yet in their efforts to
copy the functionality. One of the things that lags behind is security.
They hope to have a better security implementation before the end of the
year, but there's no promise.
>>Then, this built-in template will override the CREATE
>>LANGUAGE specification and introduce a security hole.
>>
>
>But it's exactly the same hole the user would create by manually saying
>CREATE TRUSTED LANGUAGE in error. I don't think that's a reasonable
>argument against the template idea --- it just says that you have to be
>aware of what you're doing.
>
>(An appropriate solution, in my mind, would be to drop the trusted call
>handler from the shared library if it's built with gcj --- then there's
>really no possibility of doing the wrong thing.)
>
That's a thought, although I'm not sure we would gain anything. No PL/Java
binaries are provided that run with GCJ. You have to compile from source
using some specific settings. If you are skilled enough to experiment
with that, then there's a good chance you are able to tweak the source
to enable the trusted call handler as well.
Regards,
Thomas Hallgren