[Please don't top-post. Rearranged for clarity.] Steve White <swh...@aip.de> wrote: > On 1.02.11, Tom Lane wrote: >> Steve White <swh...@aip.de> writes: >>> It would be really nice to have a way to load script (especially >>> Python and Perl) from a separate file into a function body. >> >> This seems like a security hole, ie, you could use it to read any >> file the backend has access to. > Isn't the \i command a similar security hole? That is run by a client program on a client machine. If that is what you had in mind, a modification to the CREATE FUNCTION syntax is probably not the way to go. Just to throw a hypothetical out there, were you looking to effectively do a \i inside the string literal which is the function body, picking up a *client-side* file? That has its own problems, of course, but I'm just trying to get us onto the same page. -Kevin
-- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs