Add some information about what it means for PL/Python to be untrusted.

Similar information already appears in the PL/Perl and PL/Tcl chapters.
2010-03-29 21:35:59 +00:00 · 2010-03-29 21:35:59 +00:00 · 1e24678349
parent 51d2c9b0bb
commit 1e24678349
1 changed files with 9 additions and 4 deletions
--- a/doc/src/sgml/plpython.sgml
+++ b/doc/src/sgml/plpython.sgml
@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.48 2010/03/29 21:20:58 petere Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.49 2010/03/29 21:35:59 petere Exp $ -->

 <chapter id="plpython">
 <title>PL/Python - Python Procedural Language</title>
@ -27,11 +27,16 @@

 <para>
  As of <productname>PostgreSQL</productname> 7.4, PL/Python is only
-  available as an <quote>untrusted</> language (meaning it does not
-  offer any way of restricting what users can do in it).  It has
+  available as an <quote>untrusted</> language, meaning it does not
+  offer any way of restricting what users can do in it.  It has
  therefore been renamed to <literal>plpythonu</>.  The trusted
  variant <literal>plpython</> might become available again in future,
-  if a new secure execution mechanism is developed in Python.
+  if a new secure execution mechanism is developed in Python.  The
+  writer of a function in untrusted PL/Python must take care that the
+  function cannot be used to do anything unwanted, since it will be
+  able to do anything that could be done by a user logged in as the
+  database administrator.  Only superusers can create functions in
+  untrusted languages such as <literal>plpythonu</literal>.
 </para>

 <note>