Thread: PLPythonu for production server
Hey List,
would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?
Thanks,
Cheers,
Rémi-C
On 03/03/2016 10:09 AM, Rémi Cura wrote: > Hey List, > > would it be considered safe to use plpythonu for a production database? > What would be the limitations/ dangers? They are explained here: http://www.postgresql.org/docs/9.5/interactive/plpython.html "PL/Python is only available as an "untrusted" language, meaning it does not offer any way of restricting what users can do in it and is therefore named plpythonu. A trusted variant plpython might become available in the future if a secure execution mechanism is developed in Python. The writer of a function in untrusted PL/Python must take care that the function cannot be used to do anything unwanted, since it will be able to do anything that could be done by a user logged in as the database administrator. Only superusers can create functions in untrusted languages such as plpythonu." > > Thanks, > Cheers, > Rémi-C -- Adrian Klaver adrian.klaver@aklaver.com
On 03/03/2016 10:09 AM, Rémi Cura wrote:Hey List,
would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?
They are explained here:
http://www.postgresql.org/docs/9.5/interactive/plpython.html
"PL/Python is only available as an "untrusted" language, meaning it does not offer any way of restricting what users can do in it and is therefore named plpythonu. A trusted variant plpython might become available in the future if a secure execution mechanism is developed in Python. The writer of a function in untrusted PL/Python must take care that the function cannot be used to do anything unwanted, since it will be able to do anything that could be done by a user logged in as the database administrator. Only superusers can create functions in untrusted languages such as plpythonu."
See also:
GRANT { USAGE | ALL [ PRIVILEGES ] }
ON LANGUAGE lang_name [, ...]
TO role_specification [, ...] [ WITH GRANT OPTION ]
and
GRANT { EXECUTE | ALL [ PRIVILEGES ] }
ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) [, ...]
| ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
TO role_specification [, ...] [ WITH GRANT OPTION ]
David J.
Thanks for the answer guys.
I should have mentionned that I had read the doc,
and was looking for non explicit knowledge,
like :
- what is the reputation of plpython for a dba?
- what is the reputation of plpython for a dba?
- are there actual production system that use it
- what would be the recommended usage perimeter ?
- what would be the recommended usage perimeter ?
(only administration script like function, advanced processing, etc ...)
Cheers,
Rémi-C
2016-03-03 20:55 GMT+01:00 David G. Johnston <david.g.johnston@gmail.com>:
On 03/03/2016 10:09 AM, Rémi Cura wrote:Hey List,
would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?
They are explained here:
http://www.postgresql.org/docs/9.5/interactive/plpython.html
"PL/Python is only available as an "untrusted" language, meaning it does not offer any way of restricting what users can do in it and is therefore named plpythonu. A trusted variant plpython might become available in the future if a secure execution mechanism is developed in Python. The writer of a function in untrusted PL/Python must take care that the function cannot be used to do anything unwanted, since it will be able to do anything that could be done by a user logged in as the database administrator. Only superusers can create functions in untrusted languages such as plpythonu."See also:GRANT { USAGE | ALL [ PRIVILEGES ] }ON LANGUAGE lang_name [, ...]TO role_specification [, ...] [ WITH GRANT OPTION ]andGRANT { EXECUTE | ALL [ PRIVILEGES ] }ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) [, ...]| ALL FUNCTIONS IN SCHEMA schema_name [, ...] }TO role_specification [, ...] [ WITH GRANT OPTION ]David J.
On 4 March 2016 at 10:46, Rémi Cura <remi.cura@gmail.com> wrote:
Thanks for the answer guys.I should have mentionned that I had read the doc,and was looking for non explicit knowledge,like :
- what is the reputation of plpython for a dba?
Dunno.
- are there actual production system that use it
I used it in an SMS processing system and it worked like a charm. That system never made it to the production phase, though.
- what would be the recommended usage perimeter ?(only administration script like function, advanced processing, etc ...)
I would say, in general, use untrusted languages only if the trusted ones are not capable or practical for your goals. (Reading/writing/processing data outside of the database, using third party tools for processing, etc.)
Regards,
Sándor
On 03/04/2016 01:46 AM, Rémi Cura wrote: > Thanks for the answer guys. > > I should have mentionned that I had read the doc, > and was looking for non explicit knowledge, > like : > - what is the reputation of plpython for a dba? > - are there actual production system that use it > - what would be the recommended usage perimeter ? > (only administration script like function, advanced processing, etc ...) An example: http://bonesmoses.org/2016/03/04/pg-phriday-being-a-tattletale/ > > Cheers, > Rémi-C > -- Adrian Klaver adrian.klaver@aklaver.com
Thanks !
Cheers,
Rémi-C
2016-03-05 0:38 GMT+01:00 Adrian Klaver <adrian.klaver@aklaver.com>:
On 03/04/2016 01:46 AM, Rémi Cura wrote:Thanks for the answer guys.
I should have mentionned that I had read the doc,
and was looking for non explicit knowledge,
like :
- what is the reputation of plpython for a dba?
- are there actual production system that use it
- what would be the recommended usage perimeter ?
(only administration script like function, advanced processing, etc ...)
An example:
http://bonesmoses.org/2016/03/04/pg-phriday-being-a-tattletale/