What is unsecure postgres languages? How to disable them?
Hi,
Could anyone please tell me what is unsecure postgres languages(like C,
pgperl, pgpython??). How to disable them or restrict them only for super
user?
Thanks,
Dipti
Hi,
Am 22.02.2010 11:56, schrieb dipti shah:
Hi,
Could anyone please tell me what is unsecure postgres languages(like C,
pgperl, pgpython??). How to disable them or restrict them only for super
user?
They are already restricted for the super user because of their
"insecure" nature. That means those languages allow you full access
to the system (and even some innards of postgresql) with the rights
of the postgresql process. You can remove the language handlers:
http://www.postgresql.org/docs/8.1/static/app-droplang.html
If you wish. Apart from that there is no more risk attached to them
unless you are super user or write insecure functions with them
then say with the copy command.
Regards
Tino Wildenhain
Attachments:
dipti shah wrote:
Could anyone please tell me what is unsecure postgres
languages(like C, pgperl, pgpython??). How to disable them or
restrict them only for super user?
I have never heard of "unsecure" languages - what exactly do you mean?
If you mean "untrusted" languages like PL/PerlU, they are not
installed by default *and* they are restricted to superusers.
You cannot disable C functions, but to define them you must also
have superuser privileges.
Yours,
Laurenz Albe
Sorry Albe for confusion. Yes, I meant untrusted languages like C, PL/PerlU,
PL/PythonU etc...
Thanks a lot you and Tino for nice reply. Could you guys tell me how could I
verify whether those languages are installed on my PostGreSQL server?
Thanks for being there,
Dipti
On Mon, Feb 22, 2010 at 8:14 PM, Albe Laurenz <laurenz.albe@wien.gv.at>wrote:
Show quoted text
dipti shah wrote:
Could anyone please tell me what is unsecure postgres
languages(like C, pgperl, pgpython??). How to disable them or
restrict them only for super user?I have never heard of "unsecure" languages - what exactly do you mean?
If you mean "untrusted" languages like PL/PerlU, they are not
installed by default *and* they are restricted to superusers.You cannot disable C functions, but to define them you must also
have superuser privileges.Yours,
Laurenz Albe
dipti shah wrote:
Sorry Albe for confusion. Yes, I meant untrusted languages like C,
PL/PerlU, PL/PythonU etc...Thanks a lot you and Tino for nice reply. Could you guys tell me how
could I verify whether those languages are installed on my PostGreSQL
server?Thanks for being there,
DiptiOn Mon, Feb 22, 2010 at 8:14 PM, Albe Laurenz <laurenz.albe@wien.gv.at
<mailto:laurenz.albe@wien.gv.at>> wrote:dipti shah wrote:
Could anyone please tell me what is unsecure postgres
languages(like C, pgperl, pgpython??). How to disable them or
restrict them only for super user?I have never heard of "unsecure" languages - what exactly do you mean?
If you mean "untrusted" languages like PL/PerlU, they are not
installed by default *and* they are restricted to superusers.You cannot disable C functions, but to define them you must also
have superuser privileges.Yours,
Laurenz Albe
As mentioned you can't remove c/internal and for the others, they are
not installed unless you went out of your way to install them.
SELECT *
FROM pg_catalog.pg_language
WHERE lanpltrusted = false
Scott