elein <elein@varlena.com> writes:
> Perhaps this should be asked on the interfaces list, but...
> Exactly what functions are prohibited (or acceptable)
> for a pl language in PostgreSQL to become trusted?
> Is the exact criteria list documented somewhere?
We don't have a formal definition, but I'd say a minimum requirement
is that a function written in a trusted PL language cannot cause any
outside-the-database actions to be attempted by the backend (such as
trying to read or write any files in the server's filesystem). A
trusted-PL language should be able to define arbitrary self-contained
computations (arithmetic, pattern-matching, or what have you), and it
should be able to access the database at the same level as regular
SQL commands. It should not be able to bypass the SQL abstractions nor
execute any OS-level operations using the postgres user's privileges.
> Since C is wide open, why is it considered trusted,
> or is it?
It isn't.
regards, tom lane