Re: Executing external program from stored procedure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


> PL/Perl runs in tainted mode, so it will prevent you from
> accessing any files (which means you can relatively safely
> give an access to it for ordinary users and not worry too much
> about them doing system("rm -rf .");

Two minor nits: it's not taint mode (that's something else entirely
in Perl). Pl/Perl runns in "safe mode" via the Safe module:

http://search.cpan.org/~jhi/perl-5.8.0/ext/Opcode/Safe.pm

Also, allowing a bare system call is really the fault of the person
writing the function, and one should not rely upon trusted languages
to prevent that sort of thing. :)

> Other approach, I think a bit better, would be to devise a scheme like this:

The listen approach is a good one, I agree, especially if the actual call
takes a finite amount of time and is called from a trigger, as your insert
or update will have to wait for the external program to finish before
returning.

There are other untrusted languages (e.g. tcl) you could also try out,
but Pl/Perl is probably the most functional and best supported.

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200710051101
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iD8DBQFHBlHIvJuQZxSWSsgRA2ysAJ9STQNEHtCe0MvJ911QUrHkXJ+JswCgsE0o
qUcGE9gXUbClwx3KsLAjHNE=
=g3wJ
-----END PGP SIGNATURE-----