Unfortunately python for Postgres is only available as an untrusted language ext... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

pcnc 10 months ago | parent | context | favorite | on: Fly Postgres, Managed by Supabase

Unfortunately python for Postgres is only available as an untrusted language extension, which can provide avenues for things like privilege escalation[0]

We’ve decided to only bundle trusted language extensions so that there is a balance between flexibility when it comes to users writing their own procedures, all while maintaining security.

[0] https://www.postgresql.org/docs/current/plpython.html

fulafel 10 months ago [–]

Oh, interesting. Is it related related to any inherent property of CPython? As there's also trusted Perl, Tcl, Lua etc: https://wiki.postgresql.org/wiki/PL_Matrix

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact