Re: plpgsql by default

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: David Fetter <david(at)fetter(dot)org>
Cc: "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, andrew(at)supernews(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject: Re: plpgsql by default
Date: 2006-04-11 21:20:02
Message-ID: 10888.1144790402@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

David Fetter <david(at)fetter(dot)org> writes:
> I don't get your not getting this 'cause you're a very smart guy. Are
> you under the impression that an attacker will stop because he has to
> try a few times?

No, I'm saying that having access to a PL renders certain classes of
attacks significantly more efficient. A determined attacker with
unlimited time may not care, but in the real world, security is
relative. You don't have to make yourself an impenetrable target,
only a harder target than the next IP address --- or at least hard
enough that the attacker's likely to get noticed before he's succeeded.
(And certainly, doing anything compute-intensive via recursive SQL
functions is not the way to go unnoticed.)

In the end it's only one small component of security, but any security
expert will tell you that you take all the layers of security that you
can get. If you don't need a given bit of functionality, it shouldn't
get installed.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andreas Tille 2006-04-11 21:22:53 Re: Suboptimal evaluation of CASE expressions
Previous Message David Fetter 2006-04-11 21:04:51 Re: plpgsql by default