42.1. Overview
PL/Tcl offers most of the capabilities a function writer has in the C language, with a few restrictions, and with the addition of the powerful string processing libraries that are available for Tcl.
One compelling
good
restriction is that
everything is executed from within the safety of the context of a
Tcl interpreter. In addition to the limited command set of safe
Tcl, only a few commands are available to access the database via
SPI and to raise messages via
elog()
. PL/Tcl
provides no way to access internals of the database server or to
gain OS-level access under the permissions of the
PostgreSQL
server process, as a C
function can do. Thus, unprivileged database users can be trusted
to use this language; it does not give them unlimited authority.
The other notable implementation restriction is that Tcl functions cannot be used to create input/output functions for new data types.
Sometimes it is desirable to write Tcl functions that are not restricted
to safe Tcl. For example, one might want a Tcl function that sends
email. To handle these cases, there is a variant of
PL/Tcl
called
PL/TclU
(for untrusted Tcl). This is exactly the same language except that a full
Tcl interpreter is used.
If
PL/TclU
is used, it must be
installed as an untrusted procedural language
so that only
database superusers can create functions in it. The writer of a
PL/TclU
function must take care that the function cannot be used to do anything
unwanted, since it will be able to do anything that could be done by
a user logged in as the database administrator.
The shared object code for the
PL/Tcl
and
PL/TclU
call handlers is automatically built and
installed in the
PostgreSQL
library
directory if Tcl support is specified in the configuration step of
the installation procedure. To install
PL/Tcl
and/or
PL/TclU
in a particular database, use the
CREATE EXTENSION
command, for example
CREATE EXTENSION pltcl
or
CREATE EXTENSION pltclu
.