Re: Add on_trusted_init and on_untrusted_init to plperl [PATCH]
Andrew Dunstan <andrew@dunslane.net>
From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Tim Bunce <Tim.Bunce@pobox.com>, pgsql-hackers@postgresql.org
Date: 2010-01-28T17:02:49Z
Lists: pgsql-hackers
Tom Lane wrote: > > Isn't it a security hole if on_trusted_init is USERSET? That means > an unprivileged user can determine what will happen in plperlu. > SUSET would be saner. > ITYM on_untrusted_init. cheers andrew