On Wed, 13 Dec 2006, Martijn van Oosterhout wrote:
On Wed, Dec 13, 2006 at 05:04:42PM -0500, Tom Lane wrote:
Bricklen Anderson <banderson@xxxxxxxxxxxx> writes:
Marc Evans wrote:
OK, I must be missing something obvious:
ERROR: creation of Perl function failed: 'eval "string"' trapped by
operation mask at line 2.
Try as plperlu
This brings up the question of whether it'd be safe to allow eval in
plperl functions. I'm not sure why it's excluded now ... does it allow
access to untrusted operations?
ISTM there being something about the Safe module in perl not being able
to enable eval while staying "safe", so to speak.
Looking at the safe module it looks like you can exclude certain
functions from restrictions. The manpage has an example, so a simple
try/catch mechanism could be created if enabling "eval" directly isn't
ok.
I believe that the BLOCK variation of eval could be considered safe, e.g.
eval { ... } but the EXPR version of eval probably should not be
considered safe, e.g. eval "...".
- Marc
