Re: plperl user function
От | Sean Davis |
---|---|
Тема | Re: plperl user function |
Дата | |
Msg-id | 3e610801c25516f2be4dcaa14c2b8a5e@mail.nih.gov обсуждение исходный текст |
Ответ на | Re: plperl user function ("Keith Worthington" <keithw@narrowpathinc.com>) |
Список | pgsql-interfaces |
On Apr 22, 2005, at 8:29 AM, Keith Worthington wrote: > >>> This leaves me with two questions. >>> 1) Why can I not use "use strict;" or "use warnings;" as they are >>> apparently good perl programming practice. I say apparently >>> because if you remember I started learning this language 3 days >>> ago and must be considered a neophyte. :-) > >> You can't use "use" instruction for security reason. All disk access >> are denied and use need a disk access. >> >> I think you need to use plperlu. > > Yes. That fixed my use problems. I am not sure I like the idea of > using an > untrusted language. I wonder if it causes a potential security issue. > >> 2) What is wrong with the use of RETURN? > > According to Michael (whose email I can't access at the moment) it has > to be > lowercase. I never dreamed Perl would be case sensitive but after > changing > the case, voila! :-) Yep. Perl is case-sensitive throughout. > >>> Another question: Is there an issue with using the untrusted perl >>> language? >> >> IIRC you have to be a postgresql superuser (postgres) to execute an >> untrusted language function. > > I just tested the untrusted function using a normal user and it worked. > >>> If the code is tested and working is there any real reason to >>> continue to have "use strict;" and "use warnings;" in the function? >> >> Only for manageability in the future. > > Hmmm well I have this gut feeling that it is better to use a trusted > language > than an untrusted one but I have no idea if that is supported by fact. > My > inclination is that now that the function is working and tested that I > should > comment out the two "use" commands and recreate the function with the > trusted > version. > The security concerns are real, but I PERSONALLY write most of my pl/perl functions using the untrusted version. Execution of the untrusted function should generally not be a security concern, I don't think. There are some very specific situations where you could imagine things going bad. However, in general, I think the ability to "use strict" and have all of the modules on CPAN available (perl mantra--"Use the CPAN") for use FAR outweigh the very slightly more energy it takes for me to create a safe function that does not destroy enviroment variables, write to user-specified directories, or execute system-level commands (like rm, as a nasty example) without safeguards in place. All that said, I lead a pretty sheltered life (behind THREE firewalls with only three users on a dedicated postgres server box, all of whom are sitting within earshot of me), so you may need to be more paranoid than I am. Sean
В списке pgsql-interfaces по дате отправления: