
Security implications of untrusted triggers


 




Or more specifically, what are the security implications of a trigger written in an untrusted language - PL/PerlU?

With a standard stored procedure, you have the possibility of an SQL-injection attack. Is this possible with a trigger function, if it is defined as a trigger?

I am writing a couple of Perl modules that talk to the outside world: one talks to a database (via DBI), and one talks to a Jabber/XMPP server. I want to use these from within a Trigger. Do I have to taint-check the input provided by the trigger mechanism - or does PG do this?

Thanks,
-Josh
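
An added example, not part of the original post: a PL/PerlU `AFTER INSERT` trigger that treats the row values in `$_TD->{new}` as untrusted, validates them against an allow-list, and hands them to a remote database only through DBI placeholders. The table, column names, DSN, role and JID pattern are assumptions made for illustration.

```sql
-- Added example. Table, columns, DSN and role names are hypothetical.
CREATE TABLE alerts (id serial PRIMARY KEY, recipient text, body text);

CREATE OR REPLACE FUNCTION forward_alert() RETURNS trigger AS $$
    use strict;
    use warnings;
    use DBI;

    # $_TD->{new} holds the row values as the client supplied them.
    # PostgreSQL enforces column types and constraints, but it does not
    # taint-check or escape these values for use outside the database.
    my $row = $_TD->{new};

    # Allow-list validation before the value leaves the database.
    # The pattern is a deliberately narrow bare-JID shape (assumption).
    my $jid = $row->{recipient};
    unless (defined $jid
            && $jid =~ /\A[a-z0-9._-]{1,64}\@[a-z0-9.-]{1,255}\z/i) {
        elog(ERROR, 'forward_alert: rejected recipient');
    }
    my $body = defined $row->{body} ? $row->{body} : '';
    elog(ERROR, 'forward_alert: body too long') if length($body) > 4096;

    # Remote database: bind values with placeholders, never interpolate
    # them into the SQL string. Password is expected to come from .pgpass.
    my $dbh = DBI->connect('dbi:Pg:dbname=audit;host=audit.example.internal',
                           'audit_writer', undef,
                           { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
    my $sth = $dbh->prepare(
        'INSERT INTO alert_log (recipient, body) VALUES (?, ?)');
    $sth->execute($jid, $body);
    $dbh->disconnect;

    # The validated $jid and $body are what an XMPP client module would
    # be given at this point; no XMPP call is shown here.
    return;   # AFTER trigger: return value is ignored
$$ LANGUAGE plperlu;

CREATE TRIGGER alerts_forward
    AFTER INSERT ON alerts
    FOR EACH ROW EXECUTE PROCEDURE forward_alert();
```

Because PL/PerlU code runs without the restrictions of trusted PL/Perl, anyone who can insert into `alerts` reaches this code with the operating-system privileges of the PostgreSQL server account, which is why validation happens inside the function itself.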


