Postgresql 中文操作指南
44.1. Overview #
PL/Tcl 提供了 C 语言函数编写者所具有的大多数功能,仅有一些限制,并增加了适用于 Tcl 的强大的字符串处理库。
PL/Tcl offers most of the capabilities a function writer has in the C language, with a few restrictions, and with the addition of the powerful string processing libraries that are available for Tcl.
一个引人注目的 good 限制是,所有功能均在 Tcl 解释器的安全上下文中执行。除了受限的 Tcl 的命令集以外,仅提供少数命令通过 SPI 访问数据库并通过 elog() 发送消息。PL/Tcl 无法访问数据库服务器的内部结构或以 PostgreSQL 服务器进程的权限获取 OS 级别的访问权,就像 C 函数可以做到的那样。因此,可以信任没有特权的数据库用户使用此语言;它不会赋予他们无限制的权限。
One compelling good restriction is that everything is executed from within the safety of the context of a Tcl interpreter. In addition to the limited command set of safe Tcl, only a few commands are available to access the database via SPI and to raise messages via elog(). PL/Tcl provides no way to access internals of the database server or to gain OS-level access under the permissions of the PostgreSQL server process, as a C function can do. Thus, unprivileged database users can be trusted to use this language; it does not give them unlimited authority.
另一个值得注意的实现限制是 Tcl 函数不能用于为新数据类型创建输入/输出函数。
The other notable implementation restriction is that Tcl functions cannot be used to create input/output functions for new data types.
有时期望编写不太受安全 Tcl 限制的 Tcl 函数。例如,某人可能想要发送电子邮件的 Tcl 函数。要处理这些情况,有一个 PL/Tcl 变体称为 PL/TclU (适用于不可信 Tcl)。这与完全相同,除了使用完整的 Tcl 解释器以外。 If PL/TclU is used, it must be installed as an untrusted procedural language ,这样只有数据库超级用户才能在其中创建函数。编写者必须留心编写 PL/TclU 函数,以防止函数被用于做任何不必要的事情,因为它可以做任何以数据库管理员身份登录的用户所能做的事情。
Sometimes it is desirable to write Tcl functions that are not restricted to safe Tcl. For example, one might want a Tcl function that sends email. To handle these cases, there is a variant of PL/Tcl called PL/TclU (for untrusted Tcl). This is exactly the same language except that a full Tcl interpreter is used. If PL/TclU is used, it must be installed as an untrusted procedural language so that only database superusers can create functions in it. The writer of a PL/TclU function must take care that the function cannot be used to do anything unwanted, since it will be able to do anything that could be done by a user logged in as the database administrator.
如果在安装过程的配置步骤中指定了 Tcl 支持,则 PL/Tcl 和 PL/TclU 调用处理程序的共享对象代码将自动构建并安装在 PostgreSQL 库目录中。要将 PL/Tcl 和/或 PL/TclU 安装在特定数据库中,请使用 CREATE EXTENSION 命令,例如 CREATE EXTENSION pltcl 或 CREATE EXTENSION pltclu。
The shared object code for the PL/Tcl and PL/TclU call handlers is automatically built and installed in the PostgreSQL library directory if Tcl support is specified in the configuration step of the installation procedure. To install PL/Tcl and/or PL/TclU in a particular database, use the CREATE EXTENSION command, for example CREATE EXTENSION pltcl or CREATE EXTENSION pltclu.