Re: DBD::PgSPI 0.02

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: alex@pilosoft.com
Cc: Andrew Dunstan <andrew@dunslane.net>, Michael Fuhr <mike@fuhr.org>, Mike Rylander <mrylander@gmail.com>, pgsql-hackers@postgresql.org
Date: 2004-12-06T22:19:48Z
Lists: pgsql-hackers, pgsql-general
alex@pilosoft.com writes:
> On Mon, 6 Dec 2004, Andrew Dunstan wrote:
>>> . how to turn it on for trusted plperl
>> [ snip ]

> Errr my bad. I keep confusing trusted/untrusted. It does not allow it, nor 
> should it. 

> The purpose of PgSPI is to write 'middleware' solutions in perl - the idea
> is that you can take a piece of existing client-side code and make a
> server-side stored procedure out of it in a minute without any changes to
> the code. 

Sure.  But you don't run your middleware as root (I hope ;-)) and you
shouldn't run it in untrusted server-side languages either.  I agree
with Andrew that it's important to figure out how to make DBI usable
in trusted plperl.  Obviously this isn't happening in time for 8.0,
but it deserves a place on the TODO list.

			regards, tom lane