Jon Jensen wrote:
On Thu, 14 Oct 2004, Andrew Dunstan wrote:
It has just been brought to my attention that we are being very restrictive about what we allow to be done in trusted plperl. Basically we allow the :default and :base_math set of operations (run perldoc Opcode or see http://www.perldoc.com/perl5.8.0/lib/Opcode.html for details of what these mean). In particular, we do not allow calls to perl's builtin sort, which is unpleasant, and on reviewing the list it seems to me we could quite reasonably allow access to pack and unpack also. bless and sprintf are also likely candidates for inclusion - I have not finished reviewing the list, and would welcome advice from perl gurus on this.
On the other side, I think we should exclude the :base_io set which is part of the :default set (we don't want trusted plperl writing to stdout, for example - all IO should be forbidden).
That makes sense. Allowing "rand" would be nice too.
You can now - it's part of :base_math. What we should do, however, is disallow is calling srand, since pg goes to quite a bit of trouble to seed the PRNG.
cheers
andrew
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
