PLPythonu for production server

Started by Rémi Curaabout 10 years ago7 messagesgeneral

Jump to latest

Rémi Cura

remi.cura@gmail.com

about 10 years ago

Hey List,

would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?

Thanks,
Cheers,
Rémi-C

Adrian Klaver

adrian.klaver@aklaver.com

about 10 years ago

In reply to: Rémi Cura (#1)

Re: PLPythonu for production server

On 03/03/2016 10:09 AM, Rémi Cura wrote:

Hey List,

would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?

They are explained here:

http://www.postgresql.org/docs/9.5/interactive/plpython.html

"PL/Python is only available as an "untrusted" language, meaning it does
not offer any way of restricting what users can do in it and is
therefore named plpythonu. A trusted variant plpython might become
available in the future if a secure execution mechanism is developed in
Python. The writer of a function in untrusted PL/Python must take care
that the function cannot be used to do anything unwanted, since it will
be able to do anything that could be done by a user logged in as the
database administrator. Only superusers can create functions in
untrusted languages such as plpythonu."

Thanks,
Cheers,
Rémi-C

--
Adrian Klaver
adrian.klaver@aklaver.com

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

David G. Johnston

david.g.johnston@gmail.com

about 10 years ago

In reply to: Adrian Klaver (#2)

Re: PLPythonu for production server

On Thu, Mar 3, 2016 at 12:35 PM, Adrian Klaver <adrian.klaver@aklaver.com>
wrote:

On 03/03/2016 10:09 AM, Rémi Cura wrote:

Hey List,

would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?

They are explained here:

http://www.postgresql.org/docs/9.5/interactive/plpython.html

"PL/Python is only available as an "untrusted" language, meaning it does
not offer any way of restricting what users can do in it and is therefore
named plpythonu. A trusted variant plpython might become available in the
future if a secure execution mechanism is developed in Python. The writer
of a function in untrusted PL/Python must take care that the function
cannot be used to do anything unwanted, since it will be able to do
anything that could be done by a user logged in as the database
administrator. Only superusers can create functions in untrusted languages
such as plpythonu."

GRANT { USAGE | ALL [ PRIVILEGES ] }
ON LANGUAGE lang_name [, ...]
TO role_specification [, ...] [ WITH GRANT OPTION ]

and

GRANT { EXECUTE | ALL [ PRIVILEGES ] }
ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [,
...] ] ) [, ...]
| ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
TO role_specification [, ...] [ WITH GRANT OPTION ]

David J.

Rémi Cura

remi.cura@gmail.com

about 10 years ago

In reply to: David G. Johnston (#3)

Re: PLPythonu for production server

Thanks for the answer guys.

I should have mentionned that I had read the doc,
and was looking for non explicit knowledge,
like :
- what is the reputation of plpython for a dba?
- are there actual production system that use it
- what would be the recommended usage perimeter ?
(only administration script like function, advanced processing, etc ...)

Cheers,
Rémi-C

2016-03-03 20:55 GMT+01:00 David G. Johnston <david.g.johnston@gmail.com>:

Show quoted text

On Thu, Mar 3, 2016 at 12:35 PM, Adrian Klaver <adrian.klaver@aklaver.com>
wrote:

On 03/03/2016 10:09 AM, Rémi Cura wrote:

Hey List,

would it be considered safe to use plpythonu for a production database?
What would be the limitations/ dangers?

They are explained here:

http://www.postgresql.org/docs/9.5/interactive/plpython.html

"PL/Python is only available as an "untrusted" language, meaning it does
not offer any way of restricting what users can do in it and is therefore
named plpythonu. A trusted variant plpython might become available in the
future if a secure execution mechanism is developed in Python. The writer
of a function in untrusted PL/Python must take care that the function
cannot be used to do anything unwanted, since it will be able to do
anything that could be done by a user logged in as the database
administrator. Only superusers can create functions in untrusted languages
such as plpythonu."

See also:

http://www.postgresql.org/docs/9.5/interactive/sql-grant.html

GRANT { USAGE | ALL [ PRIVILEGES ] }
ON LANGUAGE lang_name [, ...]
TO role_specification [, ...] [ WITH GRANT OPTION ]

and

GRANT { EXECUTE | ALL [ PRIVILEGES ] }
ON { FUNCTION function_name ( [ [ argmode ] [ arg_name ] arg_type [,
...] ] ) [, ...]
| ALL FUNCTIONS IN SCHEMA schema_name [, ...] }
TO role_specification [, ...] [ WITH GRANT OPTION ]

David J.

Sándor Daku

daku.sandor@gmail.com

about 10 years ago

In reply to: Rémi Cura (#4)

Re: PLPythonu for production server

On 4 March 2016 at 10:46, Rémi Cura <remi.cura@gmail.com> wrote:

Thanks for the answer guys.

I should have mentionned that I had read the doc,
and was looking for non explicit knowledge,
like :
- what is the reputation of plpython for a dba?

Dunno.

- are there actual production system that use it

I used it in an SMS processing system and it worked like a charm. That
system never made it to the production phase, though.

- what would be the recommended usage perimeter ?
(only administration script like function, advanced processing, etc ...)

I would say, in general, use untrusted languages only if the trusted ones
are not capable or practical for your goals. (Reading/writing/processing
data outside of the database, using third party tools for processing, etc.)

Regards,
Sándor

Adrian Klaver

adrian.klaver@aklaver.com

about 10 years ago

In reply to: Rémi Cura (#4)

Re: PLPythonu for production server

On 03/04/2016 01:46 AM, Rémi Cura wrote:

Thanks for the answer guys.

I should have mentionned that I had read the doc,
and was looking for non explicit knowledge,
like :
- what is the reputation of plpython for a dba?
- are there actual production system that use it
- what would be the recommended usage perimeter ?
(only administration script like function, advanced processing, etc ...)

An example:

http://bonesmoses.org/2016/03/04/pg-phriday-being-a-tattletale/

Cheers,
Rémi-C

--
Adrian Klaver
adrian.klaver@aklaver.com

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Rémi Cura

remi.cura@gmail.com

about 10 years ago

In reply to: Adrian Klaver (#6)

Re: PLPythonu for production server

Thanks !
Cheers,
Rémi-C

2016-03-05 0:38 GMT+01:00 Adrian Klaver <adrian.klaver@aklaver.com>:

Show quoted text

On 03/04/2016 01:46 AM, Rémi Cura wrote:

Thanks for the answer guys.

I should have mentionned that I had read the doc,
and was looking for non explicit knowledge,
like :
- what is the reputation of plpython for a dba?
- are there actual production system that use it
- what would be the recommended usage perimeter ?
(only administration script like function, advanced processing, etc
...)

An example:

http://bonesmoses.org/2016/03/04/pg-phriday-being-a-tattletale/

Cheers,
Rémi-C

--
Adrian Klaver
adrian.klaver@aklaver.com