[pgrouting-dev] GSoC 2022 Week 7 Report : Add Google Or tools functionality to pgrouting

Manas Sivakumar callmehero350 at gmail.com
Sun Aug 7 19:15:05 PDT 2022 

duly noted. I will attempt to proceed forward accordingly.


Regards
Manas

On Mon, Aug 8, 2022 at 11:34 AM Vicky Vergara <vicky at georepublic.de> wrote:

> Hello all,
>
> I am happy that this project is getting more and more attention.
> And before the comments on the thread.
>
> I would like to ask Manas, in the final report he makes to quote the
> statements found in this thread about the cons of using plppythonu3.
>
> Regards
>
> Now onto the comments:
>
> On Sun, Aug 7, 2022 at 1:56 PM Regina Obe <lr at pcorp.us> wrote:
>
>> I concur with Imre Samu.  Most systems do not have plpythonu installed,
>> and adding that extra dependency to test pgRouting would not be
>> acceptable.  So it has to be an optional dependency if it is one at all.
>>
>>
>>
>
> There might be a misunderstanding, although Manas's GSoC project is for
> pgRouting, he is doing it for the spinoff vrpRouting.
> vrpRouting was created because not all software for solving vehicle
> routing problems that is available its been packaged for the different
> operative systems.
> VROOM [1] was the first one that is not packaged, and it needs C++14 at
> least whereas pgRouting needs C++11 which is the one available on CENTOS 7
> for example.
> Also in vrpRouting the min version of postgreSQL is 12, whereas for
> pgRouting it supports all versions that are not in the EOL.
>
> [1] http://vroom-project.org/
>
>
>
>> If it is required for your testing then just don’t run the tests that
>> require it if plpython3u is not installed.
>>
>>
> Right now the testing level is on how to execute the following example of
> or-tools [2]:
>
> [2] https://developers.google.com/optimization/introduction/python#complete-program
>
>
>
>
>>
>>
>> Reasons why plpython3u might not want to be installed:
>>
>>
>>
>> 1) Is a untrusted language so could allow damage to the operating system
>> if used in the wrong hands.
>>
>> e.g. one could overwrite the operating system completely with such a
>> function.  Far beyond mere SQL injection.
>>
>
> plpython3u was actually my suggestion.
> and I have the same question Manas has about alternatives:
> "Do you have any ideas/suggestions on how I could achieve this?"
>
>
>
>> 2) Has an extra dependency on python3 (and a specific minor), which is
>> sometimes difficult to get the right version or configuration especially on
>> older systems.  On a system heavily using python3, it might not even be the
>> right version that plpython3u was compiled with.
>>
>>
>>
>
> Currently for the GSoC program, the scope of his project does not include
> the merge to the main repository of vrpRouting.
> His work will allow the PSC to evaluate:
> - possibility
> - simplicity
> - doability
> - security
> etc
>
>
>
>> As a windows packager, I do not install plpython3u as it’s too messy,
>> requires downloading extra stuff setting certain env variables etc. I still
>> need to be able to test pgRouting proper before packaging for windows users.
>>
>>
>>
>
> Thanks for letting us know.
> We will certainly put this comment on the doability section.
>
>
>
>> *From:* pgrouting-dev [mailto:pgrouting-dev-bounces at lists.osgeo.org] *On
>> Behalf Of *Manas Sivakumar
>> *Sent:* Sunday, August 7, 2022 1:46 PM
>> *To:* pgRouting developers mailing list <pgrouting-dev at lists.osgeo.org>
>> *Subject:* Re: [pgrouting-dev] GSoC 2022 Week 7 Report : Add Google Or
>> tools functionality to pgrouting
>>
>>
>>
>> I'm extremely sorry for the late reply. I don't use this mail id
>> frequently. For now, I made install plpython3u as a dependency (I wasn't
>> aware of your concern). I'll see if there is a way to make it optional
>> because the functions that I have written right now need the plpython3u
>> extension for testing. May I know how exactly the plpythonu extension is
>> dangerous in your case? I mean the users can create their own function and
>> run it, this might be a problem as it makes us susceptible to SQL injection
>> attacks of sorts. Do you have any ideas/suggestions on how I could achieve
>> this?
>>
>>
>>
>> Regards
>>
>>
>>
>> On Mon, Aug 1, 2022 at 2:00 AM Imre Samu <pella.samu at gmail.com> wrote:
>>
>> Hi Manas,
>>
>>
>>
>> Thank you for working on this topic.
>>
>>
>>
>> > figure out how to add python ortools to pgrouting requirements
>>
>>
>>
>> I don't know all the details, so apologies if my comment is too early or
>> already known.
>>
>>
>>
>> if it can be done, it would be ideal for me ( as a user )  if the
>> plpython3u system requirement was optional and not mandatory.
>>
>> Now the plpythonu is an “untrusted” language[1]
>>
>>   and is not allowed to be installed in many places;  ( ~ strict security
>> policy )
>>
>>
>>
>> [1] https://www.postgresql.org/docs/14/plpython.html
>>
>> *"The writer of a function in untrusted PL/Python must take care that the
>> function cannot be used to do anything unwanted, since it will be able to
>> do anything that could be done by a user logged in as the database
>> administrator.  Only superusers can create functions in untrusted languages
>> such as plpythonu."   *
>>
>>
>>
>>
> Be certain that the statement will go to the security section of the list
> I mentioned before.
>
> Regards,
>>
>>  Imre
>>
>>
>>
>>
>>
>> Manas Sivakumar <callmehero350 at gmail.com> ezt írta (időpont: 2022. júl.
>> 31., V, 21:09):
>>
>> Hello Everyone,
>>
>> This is my week 7 report of the official coding period July 25th - July
>> 31th.
>>
>> This also marks my first report for the second coding period.
>>
>>
>>
>> *What have I done this week?*
>>
>> ·         Implemented multiple_knapsack in PL/Python
>>
>> ·         Implemented bin_packing in PL/Python
>>
>> ·         Converted knapsack from c++ to PL/Python
>>
>> *What do I plan to do next week?*
>>
>> ·         figure out how to add python ortools to pgrouting requirements
>>
>> *Am I blocked on anything?*
>>
>> ·         No
>>
>> Any feedback, comments and suggestions are welcome.
>>
>> Pull Request : https://github.com/pgRouting/GSoC-pgRouting/pull/241
>>
>>
>>
>> _______________________________________________
>> pgrouting-dev mailing list
>> pgrouting-dev at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/pgrouting-dev
>>
>> _______________________________________________
>> pgrouting-dev mailing list
>> pgrouting-dev at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/pgrouting-dev
>>
>> _______________________________________________
>> pgrouting-dev mailing list
>> pgrouting-dev at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/pgrouting-dev
>>
>
>
> --
>
> Georepublic UG (haftungsbeschränkt)
> Salzmannstraße 44,
> 81739 München, Germany
>
> Vicky Vergara
> Operations Research
>
> eMail: vicky at georepublic.de
> Web: https://georepublic.info
>
> Tel: +49 (089) 4161 7698-1
> Fax: +49 (089) 4161 7698-9
>
> Commercial register: Amtsgericht München, HRB 181428
> CEO: Daniel Kastl
>
>
> _______________________________________________
> pgrouting-dev mailing list
> pgrouting-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/pgrouting-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/pgrouting-dev/attachments/20220808/89d8e327/attachment-0001.htm>

More information about the pgrouting-dev mailing list