Alexandre da Silva wrote:
> Hello,
> someone can tell me if is secure to create external python modules and
> import them to functions/procedures/triggers to use?
Its fine as long as you trust the users with write access to your PYTHONP=
ATH.
> Another question is that I have read in some discussion list (old
> message year 2003) the possibility of plpython be removed from
> postgresql, this information is valid yet?
plpython !=3D plpythonu.
plpython was the 'secure' sandboxed version. The Python devs gave up
supporting any sort of sandboxing feature in Python declaring it impossib=
le.
plpythonu is unrestricted, so if you have the ability to create plpythonu=
stored procedures you effectively have full filesystem access on your
database server as the user your database is running as. So don't put
open('/etc/passwd','w') in your plpythonu code.
--=20
Stuart Bishop <stuart@stuartbishop.net>
http://www.stuartbishop.net/
