Re: dblink connection security
From | Joe Conway |
---|---|
Subject | Re: dblink connection security |
Date | |
Msg-id | 4691B486.4090309@joeconway.com |
In response to | Re: dblink connection security (Stephen Frost <sfrost@snowman.net>) |
Responses | Re: dblink connection security |
List | pgsql-patches |

Stephen Frost wrote:
> * Joe Conway (mail@joeconway.com) wrote:
>> Consider a scenario like "package <x> uses <arbitrary function y in an
>> untrusted language z>". Exact same concerns arise.
>
> No, it doesn't... Said arbitrary function in y, in untrusted language
> z, could be perfectly safe for users to call.
     ^^^^^
*Could* be. But we just said that the admin was not interested in reading the documentation, and has no idea if it *is* safe. And, it very well might not be safe. We have no way to know in advance because the language is untrusted.

> Being written in an untrusted language has got next to nothing to do with the security
> implications of a particular function. It depends entirely on what the
> function is *doing*, not what language it's written in.

Sure it matters. A function written in a trusted language is known to be safe, a priori. A function written in an untrusted language has no such guarantees, and therefore has to be assumed unsafe unless carefully proved otherwise.

Joe