Re: Specification for Trusted PLs?
| От | Bruce Momjian |
|---|---|
| Тема | Re: Specification for Trusted PLs? |
| Дата | |
| Msg-id | 201005300223.o4U2NkA12883@momjian.us обсуждение исходный текст |
| Ответ на | Re: Specification for Trusted PLs? (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
Robert Haas wrote: > On Sat, May 22, 2010 at 4:53 PM, C?dric Villemain > <cedric.villemain.debian@gmail.com> wrote: > > 2010/5/21 Jan Wieck <JanWieck@yahoo.com>: > >> The original idea was that a trusted language does not allow an unprivileged > >> user to gain access to any object or data, he does not have access to > >> without that language. > >> > >> This does not include data transformation functionality, like string > >> processing or the like. As long as the user had legitimate access to the > >> input datum, then every derived form thereof is OK. > > > > I find the current doc enough, add this prose from Jan as a comment > > might help people perhaps. > > Yeah, Jan's description is very clear and to the point. The attached, applied patch clarifies the meaning of "trusted language" in the documentation using Jan's description. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com Index: doc/src/sgml/xplang.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/xplang.sgml,v retrieving revision 1.37 diff -c -c -r1.37 xplang.sgml *** doc/src/sgml/xplang.sgml 3 Apr 2010 07:22:56 -0000 1.37 --- doc/src/sgml/xplang.sgml 30 May 2010 02:21:53 -0000 *************** *** 151,158 **** <optional>VALIDATOR <replaceable>validator_function_name</replaceable></optional> ; </synopsis> The optional key word <literal>TRUSTED</literal> specifies that ! ordinary database users that have no superuser privileges should ! be allowed to use this language to create functions and trigger procedures. Since PL functions are executed inside the database server, the <literal>TRUSTED</literal> flag should only be given for languages that do not allow access to database server --- 151,160 ---- <optional>VALIDATOR <replaceable>validator_function_name</replaceable></optional> ; </synopsis> The optional key word <literal>TRUSTED</literal> specifies that ! the language does not grant access to data that the user would ! not otherwise have. Trusted languages are designed for ordinary ! database users (those without superuser privilege) and allows them ! to safely create of functions and trigger procedures. Since PL functions are executed inside the database server, the <literal>TRUSTED</literal> flag should only be given for languages that do not allow access to database server Index: doc/src/sgml/ref/create_language.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/ref/create_language.sgml,v retrieving revision 1.50 diff -c -c -r1.50 create_language.sgml *** doc/src/sgml/ref/create_language.sgml 3 Apr 2010 07:22:58 -0000 1.50 --- doc/src/sgml/ref/create_language.sgml 30 May 2010 02:21:53 -0000 *************** *** 104,114 **** <listitem> <para> ! <literal>TRUSTED</literal> specifies that ! the language is safe, that is, it does not offer an ! unprivileged user any functionality to bypass access ! restrictions. If this key word is omitted when registering the ! language, only users with the <productname>PostgreSQL</productname> superuser privilege can use this language to create new functions. </para> --- 104,113 ---- <listitem> <para> ! <literal>TRUSTED</literal> specifies that the language does ! not grant access to data that the user would not otherwise ! have. If this key word is omitted ! when registering the language, only users with the <productname>PostgreSQL</productname> superuser privilege can use this language to create new functions. </para>
В списке pgsql-hackers по дате отправления:
Следующее
От: Bruce MomjianДата:
Сообщение: Re: [RFC][PATCH]: CRC32 is limiting at COPY/CTAS/INSERT ... SELECT + speeding it up