Re: DBD::PgSPI 0.02

Alex Pilosov <alex@pilosoft.com>

From: alex@pilosoft.com
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Andrew Dunstan <andrew@dunslane.net>, <pgsql-hackers@postgresql.org>
Date: 2004-12-06T22:21:52Z
Lists: pgsql-hackers, pgsql-general
On Mon, 6 Dec 2004, Tom Lane wrote:

> Sure.  But you don't run your middleware as root (I hope ;-)) and you
> shouldn't run it in untrusted server-side languages either.  I agree
Actually - I don't practically care, and in fact I'm doing things that are 
unsafe...But, I agree, others may think differently ;)

> with Andrew that it's important to figure out how to make DBI usable
> in trusted plperl.  Obviously this isn't happening in time for 8.0,
> but it deserves a place on the TODO list.
It's interesting but its probably a untrivial effort to make DBI itself 
Safe-safe. Probably it would require starting with DBI::PurePerl (non-XS 
version) and adding a mode that would disable all unSafe activity (such as 
file operations etc etc)...

-alex