Re: [GENERAL] What is unsecure postgres languages? How to disable them?

[Scott Bailey]

dipti shah wrote:
Sorry Albe for confusion. Yes, I meant untrusted languages like C, 
PL/PerlU, PL/PythonU etc...


Thanks a lot you and Tino for nice reply. Could you guys tell me how 
could I verify whether those languages are installed on my PostGreSQL 
server?


Thanks for being there,
Dipti

On Mon, Feb 22, 2010 at 8:14 PM, Albe Laurenz > wrote:


dipti shah wrote:
 > Could anyone please tell me what is unsecure postgres
 > languages(like C, pgperl, pgpython??). How to disable them or
 > restrict them only for super user?

I have never heard of "unsecure" languages - what exactly do you mean?

If you mean "untrusted" languages like PL/PerlU, they are not
installed by default *and* they are restricted to superusers.

You cannot disable C functions, but to define them you must also
have superuser privileges.

Yours,
Laurenz Albe



As mentioned you can't remove c/internal and for the others, they are 
not installed unless you went out of your way to install them.


SELECT *
FROM pg_catalog.pg_language
WHERE lanpltrusted = false

Scott

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] What is unsecure postgres languages? How to disable them?

[dipti shah]

Sorry Albe for confusion. Yes, I meant untrusted languages like C, PL/PerlU,
PL/PythonU etc...

Thanks a lot you and Tino for nice reply. Could you guys tell me how could I
verify whether those languages are installed on my PostGreSQL server?

Thanks for being there,
Dipti

On Mon, Feb 22, 2010 at 8:14 PM, Albe Laurenz wrote:

> dipti shah wrote:
> > Could anyone please tell me what is unsecure postgres
> > languages(like C, pgperl, pgpython??). How to disable them or
> > restrict them only for super user?
>
> I have never heard of "unsecure" languages - what exactly do you mean?
>
> If you mean "untrusted" languages like PL/PerlU, they are not
> installed by default *and* they are restricted to superusers.
>
> You cannot disable C functions, but to define them you must also
> have superuser privileges.
>
> Yours,
> Laurenz Albe
>

Re: [GENERAL] What is unsecure postgres languages? How to disable them?

[Albe Laurenz]

dipti shah wrote:
> Could anyone please tell me what is unsecure postgres 
> languages(like C, pgperl, pgpython??). How to disable them or 
> restrict them only for super user?

I have never heard of "unsecure" languages - what exactly do you mean?

If you mean "untrusted" languages like PL/PerlU, they are not
installed by default *and* they are restricted to superusers.

You cannot disable C functions, but to define them you must also
have superuser privileges.

Yours,
Laurenz Albe

-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] What is unsecure postgres languages? How to disable them?

[Tino Wildenhain]

Hi,

Am 22.02.2010 11:56, schrieb dipti shah:

Hi,
Could anyone please tell me what is unsecure postgres languages(like C,
pgperl, pgpython??). How to disable them or restrict them only for super
user?


They are already restricted for the super user because of their 
"insecure" nature. That means those languages allow you full access

to the system (and even some innards of postgresql) with the rights
of the postgresql process. You can remove the language handlers:

http://www.postgresql.org/docs/8.1/static/app-droplang.html

If you wish. Apart from that there is no more risk attached to them
unless you are super user or write insecure functions with them
then say with the copy command.

Regards
Tino Wildenhain



smime.p7s
Description: S/MIME Cryptographic Signature