Replacing rexec

Tim Gerla tgerla at
Wed Jul 16 19:54:20 CEST 2003

(I apologize if I've dug up a long-dead horse, but I haven't found any
posts in the archive on this that really explain what I'm asking.)

We are looking to use plpython in PostgreSQL, but it's being downgraded
to "untrusted" and/or being completely removed because Python's rexec
went away. Why did rexec go away, specifically? I know it had security
issues, but couldn't these have been fixed? Did the module just have too
many integral flaws in the design to be worth saving?

Is anyone working on a replacement? If not, why not? Even if plpython
isn't very widely used, I think it's still important for advocacy. I'd
much rather write Python than PL.

Anyway, I'm looking for a summary of specific reasons why rexec went
away without a replacement. I understand completely that it had flaws
and was insecure; I'm only confused as to why these flaws were

Given a bit more assurance that a replacement would be useful and
possible, we potentially have the resources to do so. Having a working
and trusted plpython is valuable to both my own organization and, IMHO,
the Python world itself.


Tim Gerla
Outsource Financial Services, LLC.
tgerla at

More information about the Python-list mailing list