On fre, 2010-05-21 at 14:22 -0400, Robert Haas wrote: > On Fri, May 21, 2010 at 2:21 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > > Robert Haas <robertmh...@gmail.com> writes: > >> So... can we get back to coming up with a reasonable > >> definition, > > > > (1) no access to system calls (including file and network I/O) > > > > (2) no access to process memory, other than variables defined within the > > PL. > > > > What else? > > Doesn't subvert the general PostgreSQL security mechanisms? Not sure > how to formulate that.
Succinctly: A trusted language does not grant access to data that the user would otherwise not have. I wouldn't go any further than that. File and network I/O, for example, are implementation details. A trusted language might do some kind of RPC, for example. The PL/J project once wanted to do something like that. -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers