Sean Reifschneider <jafo@tummy.com> writes:
> For those unfamiliar with it, rexec provides a restricted execution
> environment, limiting access to certain Python and system routines.
> This functionality is being deprecated in Python, due to security
> problems and lack of maintainership to resolve them...
Is no substitute solution being offered?
> It may be appropriate to just remove the rexec, with the result being
> that PL/Python code will be able to have access to basically anything on
> the system as the user PostgreSQL is running as.
We would have to change it to an untrusted language. We could do that,
but it would mean a major reduction in the usefulness of plpython.
Few DBAs of average paranoia levels want to give superuser access to
their database users.
regards, tom lane