On Thu, Mar 3, 2016 at 12:35 PM, Adrian Klaver <adrian.kla...@aklaver.com> wrote:
> On 03/03/2016 10:09 AM, Rémi Cura wrote:
>
>> Hey List,
>>
>> would it be considered safe to use plpythonu for a production database?
>> What would be the limitations/dangers?
>>
>
> They are explained here:
>
> http://www.postgresql.org/docs/9.5/interactive/plpython.html
>
> "PL/Python is only available as an "untrusted" language, meaning it does
> not offer any way of restricting what users can do in it and is therefore
> named plpythonu. A trusted variant plpython might become available in the
> future if a secure execution mechanism is developed in Python. The writer
> of a function in untrusted PL/Python must take care that the function
> cannot be used to do anything unwanted, since it will be able to do
> anything that could be done by a user logged in as the database
> administrator. Only superusers can create functions in untrusted languages
> such as plpythonu."
>

See also:

http://www.postgresql.org/docs/9.5/interactive/sql-grant.html

GRANT { USAGE | ALL [ PRIVILEGES ] }
    ON LANGUAGE lang_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

and

GRANT { EXECUTE | ALL [ PRIVILEGES ] }
    ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [, ...] ] ) [, ...]
         | ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

David J.
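
The function-level GRANT quoted above, applied to a plpythonu function and followed by an audit query, as an added example that is not part of the original thread. The role app_reader and the function safe_basename() are hypothetical names; the script assumes a superuser session on a server where the plpythonu extension is available.

```sql
-- Added example. app_reader and safe_basename() are hypothetical names.
-- Run as a superuser: only superusers can create functions in plpythonu.

CREATE EXTENSION IF NOT EXISTS plpythonu;
CREATE ROLE app_reader NOLOGIN;

-- Keep the untrusted function narrow: pure string handling, no file,
-- network or subprocess access, and no SQL built from its argument.
CREATE FUNCTION safe_basename(path text)
  RETURNS text
AS $$
  import posixpath
  return posixpath.basename(path)
$$ LANGUAGE plpythonu IMMUTABLE STRICT;

-- PostgreSQL grants EXECUTE on new functions to PUBLIC by default,
-- so revoke that before granting to the one role that needs it.
REVOKE ALL ON FUNCTION safe_basename(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION safe_basename(text) TO app_reader;

-- Audit: list every function written in an untrusted procedural language,
-- who owns it, whether it runs as SECURITY DEFINER, and whether PUBLIC
-- can still execute it.
SELECT n.nspname                                   AS schema_name,
       p.proname                                   AS function_name,
       pg_get_function_identity_arguments(p.oid)   AS args,
       l.lanname                                   AS language,
       pg_get_userbyid(p.proowner)                 AS owner,
       p.prosecdef                                 AS security_definer,
       has_function_privilege('public', p.oid, 'EXECUTE') AS public_can_execute
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanispl
  AND NOT l.lanpltrusted
ORDER BY schema_name, function_name;
```

Rows with public_can_execute = true are the ones to review first, since any connected role can call those functions.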