From 05979312eddac1b51287fea7261c9b4d695815dd Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Tue, 20 Nov 2001 21:09:53 +0000 Subject: [PATCH] Added a few paragraphs to explain current restricted execution environment, and error handling behavior. Bradley McLean --- doc/src/sgml/plpython.sgml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/doc/src/sgml/plpython.sgml b/doc/src/sgml/plpython.sgml index ffe888df28..9410a12f99 100644 --- a/doc/src/sgml/plpython.sgml +++ b/doc/src/sgml/plpython.sgml @@ -1,4 +1,4 @@ - + PL/Python - Python Procedural Language @@ -10,6 +10,28 @@ This chapter is not fully developed yet. + + The current version of PL/Python functions as a trusted language only; + access to the filesystem and other local resources are disabled. + Specifically, PL/Python uses the Python restricted execution environment, + further restricts it to prevent the use of the file open call, and + allows only modules from a specific list to be imported. Presently, + that list includes: array, bisect, binascii, calendar, cmath, codecs, + errno, marshal, math, md5, mpz, operator, pcre, pickle, random, re, + regex, sre, sha, string, StringIO, struct, time, whrandom, and zlib. + + + There is discussion on creating an untrusted language variant for a + future release. + + + In the current version, any postgresql error encountered while running + a PL/Python function will result in the immediate termination of that + function by the backend. It is not possible to trap error conditions + using Python try ... catch constructs. For example, a syntax error in + an SQL statement passed to the plpy.execute() call will terminate the + function. This behavior may be changed in a future release. +