Reading this answer it appears there may be a security risk in using PL/Python and I am curious how to overcome them. Is my interpretation of the "untrusted" as "unsecure" correct and if so if you wanted to use PL/Python is there a way to configure the database in such a way as to overcome the vulnerabilities? Vague thought, but for example is it possible to somehow sandbox the python code execution?
Asked
Active
Viewed 714 times
2 Answers
2
The linked answer doesn't say or imply that using PL/Python is a security risk.
Is my interpretation of the "untrusted" as "unsecure" correct
That depends on the threat model.
The linked answer is not about using PL/Python yourself, but about letting others whom you have granted limited permissions on your database create and run PL/Python functions. If they were allowed to do that, they could use their own Python code to work around the restrictions that the database would otherwise impose on them.
das-g
- 9,718
- 4
- 38
- 80
-
So I am wondering outside of experimental purposes is anyone using PL/Python in a "secure" commercial production system? If so I would be curious to understand these configurations. @das-g – John Drinane Aug 23 '17 at 15:39
0
That means so PostgreSQL core developers has not full control about libraries and code that can be used in this language. An user can use a functions with a access to files (and bypass PostgreSQL security) or can change system configurations (signals handling) and with possible crashing server.
This is reason, why the using of this language is limited to postgres super user, who is responsible to write correct and safe code. User without super user access cannot to write functions in this language.
Pavel Stehule
- 42,331
- 5
- 91
- 94