So far, the Perl code has not caused any security-related problems because all I did was use regular expressions. The question now is: what if somebody tries to do something nasty inside the Perl function? As stated already, PL/Perl will simply error out:
test=# CREATE OR REPLACE FUNCTION test_security() RETURNS boolean AS
$$
    use strict;
    my $fp = open("/etc/password", "r");
    return false;
$$ LANGUAGE 'plperl';
ERROR: 'open' trapped by operation mask at line
CONTEXT: compilation of PL/Perl function "test_security"
PL/Perl will complain as soon as you try to create the function. The error is raised instantly, while the function is being compiled, so the offending code is never stored in a callable form.
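Whether a language enforces this kind of restriction is recorded in the system catalogs. The following audit queries are an added example, not part of the original text: they list the installed procedural languages with their trusted flag, and then every function written in a language that is not trusted. They use only the standard catalogs pg_language, pg_proc and pg_namespace; the column aliases are chosen here for readability.

```sql
-- Added example: audit trusted vs. untrusted procedural languages.

-- 1. Installed procedural languages and whether PostgreSQL treats
--    them as trusted (restricted) or not.
SELECT l.lanname,
       l.lanpltrusted              AS is_trusted,
       pg_get_userbyid(l.lanowner) AS language_owner
FROM   pg_language l
WHERE  l.lanispl                   -- skip internal, c and sql
ORDER  BY l.lanpltrusted, l.lanname;

-- 2. Functions written in a procedural language that is NOT trusted.
--    SECURITY DEFINER functions are listed first because they run
--    with the privileges of their owner rather than the caller.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       l.lanname                   AS language_name,
       pg_get_userbyid(p.proowner) AS function_owner,
       p.prosecdef                 AS is_security_definer
FROM   pg_proc p
       JOIN pg_language  l ON l.oid = p.prolang
       JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE  l.lanispl
  AND  NOT l.lanpltrusted
ORDER  BY p.prosecdef DESC, n.nspname, p.proname;
```

An empty result from the second query means no function in the current database is written in an untrusted procedural language.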
If you really want to run untrusted code in Perl, that is, code that is not restricted by the operation mask, you have to use PL/PerlU:
test=# CREATE OR ...