Re: plpgsql by default

From: Neil Conway <neilc(at)samurai(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: David Fetter <david(at)fetter(dot)org>, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, andrew(at)supernews(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject: Re: plpgsql by default
Date: 2006-04-11 22:30:33
Message-ID: 1144794633.8825.43.camel@localhost.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, 2006-04-11 at 17:20 -0400, Tom Lane wrote:
> No, I'm saying that having access to a PL renders certain classes of
> attacks significantly more efficient. A determined attacker with
> unlimited time may not care, but in the real world, security is
> relative.

That's a fair point.

Perhaps a compromise would be to enable pl/pgsql by default, but not
grant the USAGE privilege on it. This would allow superusers to define
pl/pgsql functions without taking any additional steps. Non-superusers
could be given access to pl/pgsql via a simple GRANT -- either for all
users via GRANT TO PUBLIC, or on a more granular basis as desired. This
would lower the barrier to using pl/pgsql by a fairly significant
margin, but not cause any additional security exposure that I can see.

-Neil

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Marc G. Fournier 2006-04-11 22:35:08 Re: plpgsql by default
Previous Message Tom Lane 2006-04-11 22:29:20 Re: Suboptimal evaluation of CASE expressions