Thread: Triggers & Compiled C Language Functions

Triggers & Compiled C Language Functions

From
Andrew Burr
Date:
Hello all,
I was wondering if someone could tell me if it is possible to create a C
function (or a stored procedure) that basically does a ldap lookup? So,
on INSERT I would pass a user name to the ldap funtion and the ldap
function would help populate another table. Or are there security
restrictions that make this (socket operations) impossible.

What are all the security restrictions on stored procedures and compiled
C language functions?


--

Andrew Burr
Network Security Operations
andrew.burr@level3.com
720.888.8006


Re: Triggers & Compiled C Language Functions

From
Tom Lane
Date:
Andrew Burr <andrew.burr@level3.com> writes:
> What are all the security restrictions on stored procedures and compiled
> C language functions?

A C-coded function can do any durn thing you feel like programming;
there are no (and can't be any, AFAICS) security restrictions on it.

You should, however, think twice about how the external interactions
you intend will interact with Postgres' transaction model.  Some
questions: if the transaction that called your function later gets
rolled back, would you wish that the external call had not been made?
If two different transactions invoke the C function, will it bother
you if the database thinks that transaction A logically precedes
transaction B even though the call order of the C function was B
before A?  What if one of the two transactions later rolls back,
but the other still wants to commit?

It's real easy to shoot yourself in the foot in this realm.

            regards, tom lane