Re: DBD::PgSPI 0.02
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: alex@pilosoft.com
Cc: Andrew Dunstan <andrew@dunslane.net>, Michael Fuhr <mike@fuhr.org>, Mike Rylander <mrylander@gmail.com>, pgsql-hackers@postgresql.org
Date: 2004-12-06T22:19:48Z
Lists: pgsql-hackers, pgsql-general
alex@pilosoft.com writes: > On Mon, 6 Dec 2004, Andrew Dunstan wrote: >>> . how to turn it on for trusted plperl >> [ snip ] > Errr my bad. I keep confusing trusted/untrusted. It does not allow it, nor > should it. > The purpose of PgSPI is to write 'middleware' solutions in perl - the idea > is that you can take a piece of existing client-side code and make a > server-side stored procedure out of it in a minute without any changes to > the code. Sure. But you don't run your middleware as root (I hope ;-)) and you shouldn't run it in untrusted server-side languages either. I agree with Andrew that it's important to figure out how to make DBI usable in trusted plperl. Obviously this isn't happening in time for 8.0, but it deserves a place on the TODO list. regards, tom lane