PL/Tcl offers most of the capabilities a function
writer has in the C language, except for some restrictions.
The good restriction is that everything is executed in a safe
Tcl interpreter. In addition to the limited command set of safe Tcl, only
a few commands are available to access the database via SPI and to raise
messages via elog(). There is no way to access internals of the
database backend or to gain OS-level access under the permissions of the
PostgreSQL user ID, as a C function can do.
Thus, any unprivileged database user may be
permitted to use this language.
The other, implementation restriction is that Tcl procedures cannot
be used to create input/output functions for new data types.
Sometimes it is desirable to write Tcl functions that are not restricted
to safe Tcl --- for example, one might want a Tcl function that sends
mail. To handle these cases, there is a variant of PL/Tcl called PL/TclU
(for untrusted Tcl). This is the exact same language except that a full
Tcl interpreter is used. If PL/TclU is used, it must be
installed as an untrusted procedural language so that only
database superusers can create functions in it. The writer of a PL/TclU
function must take care that the function cannot be used to do anything
unwanted, since it will be able to do anything that could be done by
a user logged in as the database administrator.
The shared object for the PL/Tcl and PL/TclU call handlers is
automatically built and installed in the
PostgreSQL
library directory if Tcl/Tk support is specified
in the configuration step of the installation procedure. To install
PL/Tcl and/or PL/TclU in a particular database, use the
createlang script, for example
createlang pltcl dbname or
createlang pltclu dbname.
