hoodwink.d enhanced


DRb Inside Stored Procs

by why in inspect

A message from Tim Sutherland of the Ruby Weekly News. He alerts us to a hack in which Ruby’s $SAFE is set to zero inside the PL/Ruby module for PostgreSQL (which allows one to write Ruby inside stored procedures). This means: anything.

But more specifically:

  SELECT redcloth('*strong text* and _emphasized text_');

The culprit here is Robby Russell. You bandits lick this stuff up like it’s perfumed peanut butter. The DRb jammed inside Postgres example is v. funny. He gives a good case for using RedCloth inside PostgreSQL—so he can use it from PHP. It works better than Parrot I guess. SQLite will let you hook Ruby methods like this as well. (Disclaimer: I am not on the board of advisors for Parrot.)

said on 23 Aug 2005 at 07:45

That’s just wrong.

said on 23 Aug 2005 at 10:22

Anyone who is looking for a new next-gen OO db engine should look here: www.db4o.com (should also work with Ruby, I guess).

said on 26 Oct 2005 at 13:40

How does db4o work with Ruby? I wish. That’d be very cool.
